Awilum
commented
5 years ago SNIPPETS CAN CREATE AND EDIT ADMIN AND TRUSTED USERS! SNIPPETS ALLOW TO USE HTML AND PHP CODE!
Closed xiaohuihui1113 closed 5 years ago
Awilum
commented
5 years ago SNIPPETS CAN CREATE AND EDIT ADMIN AND TRUSTED USERS! SNIPPETS ALLOW TO USE HTML AND PHP CODE!
Hello sir, I have found a php code execution vulnerability in Monstra 3.0.4.Here I was able to execute PHP command.
visit: http://ip/monstra-3.0.4/admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics
In this page,input <?php phpinfo()?> example:
then visit:http://ip/monstra-3.0.4/index.php