Lucene search
Nainsi Gupta1337DAY-ID-30844HistoryAug 06, 2018 - 12:00 a.m.
Monstra 3.0.4 - Cross-Site Scripting Vulnerability
2018-08-0600:00:00
Nainsi Gupta
0day.today
38
EPSS
0.001
Percentile
43.6%
Exploit for php platform in category web applications
# Exploit Title:Monstra-Dev 3.0.4 Stored Cross Site Scripting
# Exploit Author: Nainsi Gupta
# Vendor Homepage: http://monstra.org/
# Software Link: https://github.com/monstra-cms/monstra
#Published In- https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/
# Product Name: Monstra-dev
# Version: 3.0.4
# Tested on: Windows 10 (Firefox/Chrome)
# CVE : CVE-2018-14922
#POC
1. 1. Go to the site ( http://server.com/monstra-dev/ ) .
2- Click on Registration page (Registration) .
3- Register by giving you name ,mail and soo on...
4 -Now log In i the website.
5.After loggin in click on edit profile and in the frist name and last name copy paste this payload- in firsname paste "><svg/onload=alert(/Nainsi/)> and in Lastname paste "><svg/onload=alert(/Gupta/)>
6. After saving the above changes, click on edit profile page and you will be able to see to Pop up stating Gupta and Nainsi.
# 0day.today [2018-08-06] #Related
prion
prion
Cross site scripting
2018-08-14 18:29:00
exploitdb
exploitdb
Monstra 3.0.4 - Cross-Site Scripting
2018-08-06 00:00:00
cve
cve
CVE-2018-14922
2018-08-14 18:29:00
nvd
nvd
CVE-2018-14922
2018-08-14 18:29:00
packetstorm
packetstorm
Monstra-Dev 3.0.4 Cross Site Scripting
2018-08-06 00:00:00
osv
osv
CVE-2018-14922
2018-08-14 18:29:00
cvelist
cvelist
CVE-2018-14922
2018-08-14 16:00:00
openvas
openvas
Monstra CMS <= 3.0.4 Multiple Vulnerabilities
2018-05-29 00:00:00