Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Two Stored-XSS reported #427(title section) and #435 (content section) I found another Stored-XSS lie in Name filed in the same page (monstra-3.0.4/plugins/box/pages/pages.admin.php)
Steps to reproduce: 1、Login monstra http://127.0.0.1/monstra-3.0.4/admin/index.php 2、Then, visit http://127.0.0.1/monstra-3.0.4/admin/index.php?id=pages 3、Click Create New Page button to create a new page 4、Fill in Name field with payload <script>alert(document.cookie)</script> 5、Save and Exit 6、visit the page you just created, then Stored-XSS will be triggered
<script>alert(document.cookie)</script>
Impacts: Anyone who visit the target page will trigger JavaScript code execution, including administrator, editor, and guest.
Affected Version: 3.0.4 or before
Affected URL: http://<your_site>/monstra/blog/<page_name>.php
Testing Environment: Win7 with XAMPP: Apache/2.4.23 、 PHP Version 5.6.28
Analysis vulnerable page : https://github.com/monstra-cms/monstra/blob/dev/plugins/box/pages/pages.admin.php line 222-233 all post data without any sanitization, just add and display Add page and edit page are vulnerable.
Mitigation: Filter user input ,please refer #427
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Two Stored-XSS reported #427(title section) and #435 (content section)
I found another Stored-XSS lie in Name filed in the same page (monstra-3.0.4/plugins/box/pages/pages.admin.php)
Steps to reproduce:
1、Login monstra http://127.0.0.1/monstra-3.0.4/admin/index.php
2、Then, visit http://127.0.0.1/monstra-3.0.4/admin/index.php?id=pages
3、Click Create New Page button to create a new page
4、Fill in Name field with payload
<script>alert(document.cookie)</script>5、Save and Exit
6、visit the page you just created, then Stored-XSS will be triggered
Impacts:
Anyone who visit the target page will trigger JavaScript code execution, including administrator, editor, and guest.
Affected Version:
3.0.4 or before
Affected URL:
http://<your_site>/monstra/blog/<page_name>.php
Testing Environment:
Win7 with XAMPP: Apache/2.4.23 、 PHP Version 5.6.28
Analysis
vulnerable page :
https://github.com/monstra-cms/monstra/blob/dev/plugins/box/pages/pages.admin.php
line 222-233 all post data without any sanitization, just add and display
Add page and edit page are vulnerable.
Mitigation:
Filter user input ,please refer #427
The text was updated successfully, but these errors were encountered: