monstra-cms / monstra

THIS PROJECT IS NOT SUPPORTED ANYMORE! Check FLEXTYPE.ORG
http://flextype.org
MIT License

XSS (Stored) in Monstra-dev #452

Open security-breachlock opened 6 years ago

security-breachlock commented 6 years ago

Affected software: Monstra-dev

Type of vulnerability: XSS (Stored)

Discovered by: BreachLock

Website: https://www.breachlock.com

Author: Balvinder Singh

Description: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.

Proof of concept:

Step 1: Log in to the monstra-dev CMS.

Step 2: URL: http://localhost/monstra-dev/monstra-dev/admin/index.php?id=pages&action=add_page Go to the content and choose pages and then create a new page with malicious JavaScript.

[Screenshot: xss_monta]

Step 3: Here the XSS got executed for the name parameter in the new page. URL: http://localhost/monstra-dev/monstra-dev/http-defaultcom

[Screenshot: xss_monta_execute]
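The stored-then-rendered flow described in this report, seen from the fix side, as an added example (not Monstra's code and not part of the original comment). It assumes a hypothetical page record with `slug` and `name` fields, contrasts raw output of the stored name with output encoded through `htmlspecialchars`, and adds a heuristic audit of names that are already stored.

```php
<?php
// Added illustration, not Monstra code; every function name here is hypothetical.

// Constructed sample records standing in for stored pages.
$pages = [
    ['slug' => 'about', 'name' => 'About us'],
    ['slug' => 'promo', 'name' => '<script>alert(1)</script>'],
];

// Before: the stored name is concatenated into HTML as-is, so the browser
// parses it as markup on every view of the page.
function render_heading_unsafe(array $page): string
{
    return '<h1>' . $page['name'] . '</h1>';
}

// Encode for HTML text and quoted-attribute contexts at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: the same stored value is rendered as inert text.
function render_heading_safe(array $page): string
{
    return '<h1 title="' . e($page['name']) . '">' . e($page['name']) . '</h1>';
}

// Audit helper: list slugs of stored records whose name carries markup.
// Heuristic only: it flags any name that strip_tags() would change.
function find_names_with_markup(array $pages): array
{
    $flagged = [];
    foreach ($pages as $page) {
        if ($page['name'] !== strip_tags($page['name'])) {
            $flagged[] = $page['slug'];
        }
    }
    return $flagged;
}

foreach ($pages as $page) {
    echo $page['slug'], "\n";
    echo '  unsafe: ', render_heading_unsafe($page), "\n";
    echo '  safe:   ', render_heading_safe($page), "\n";
}
echo 'needs review: ', implode(', ', find_names_with_markup($pages)), "\n";
```

Encoding at output fixes rendering for new and old records alike; the audit step matters because values saved before the fix remain in storage.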

security-breachlock commented 5 years ago

Hi Team,

Any updates regarding the patch?