Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Monstra-Dev 3.0.4 Cross Site Scripting

Related Vulnerabilities: cve-2018-14922   CVE-2018-14922  
Publish Date: 06 Aug 2018
Author: Nainsi Gupta
Source 
                							

                # Exploit Title:Monstra-Dev 3.0.4 Stored Cross Site Scripting
# Date: 04-08-2018
# Exploit Author: Nainsi Gupta
# Vendor Homepage: http://monstra.org/
# Software Link: https://github.com/monstra-cms/monstra
#Published In- https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/
# Product Name: Monstra-dev
# Version: 3.0.4
# Tested on: Windows 10 (Firefox/Chrome)
# CVE : CVE-2018-14922
 
 
#POC
1. 1. Go  to the  site ( http://server.com/monstra-dev/ ) .
2- Click on  Registration page  (Registration) .
3- Register by giving you name ,mail and soo on...
4 -Now log In i the website.
5.After loggin in click on edit profile and in the frist name and last name copy paste this payload- in firsname paste "><svg/onload=alert(/Nainsi/)>  and in Lastname paste  "><svg/onload=alert(/Gupta/)> 
6. After saving the above changes, click on edit profile page and you will be able to see to Pop up stating Gupta and Nainsi.


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started