1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 0 0 [x] Official Website: http://www.1337day.com 1 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 0 0 1 1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0 0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1 1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx «««:»»» CMS Monstra - Multiple CSRF Vulnerability «««:»»» xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ./Title Exploit : Monstra CMS - Multiple CSRF Vulnerability ./CMS Version : Monstra - Version 1.1.6 (Last Version). ./Software Link : www.monstra.org ./Category XPL : [ WebApps/ZeroDay ] ./Security Risk : [ High Level ] ./Time & Date : June, 26 2012. 07:02 AM, Solo Raya, Indonesian. ./System Tested : Windows 7 Ultimate, Firefox 9.0.1, Xampp-win32-1.7.3 ./Discovered By : -=[ TheCyberNuxbie - Independent Security Research ]=- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ||| -=[ Use It At Your Risk ]=- ||| ||| This Was Written For Educational Purpos Only ||| ||| Author Will Be Not Responsible For Any Damage ||| xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ################################################################################# # - POC: # 1.1.1 Exploit - CSRF PHP Injection (add_template). # 1.1.2 Exploit - CSRF PHP Injection (add_chunk). # 1.2.1 Exploit - CSRF (Add Admin). ################################################################################# # # - Information Details: # Monstra - Fast and small content management system written in PHP! # http://www.monstra.org # ################################################################################# # # 1.1 Exploit - CSRF PHP Injection: # # 1.1.1 Exploit - CSRF PHP Injection (add_template): # ../admin/index.php?id=themes&action=add_template # # #
# #