158fcdfd5c
11 changes to exploits/shellcodes/ghdb Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution Monstra 3.0.4 - Stored Cross-Site Scripting (XSS) Online Thesis Archiving System v1.0 - Multiple-SQLi projectSend r1605 - CSV injection projectSend r1605 - Stored XSS Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated) Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated) PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
17 lines
No EOL
625 B
Text
17 lines
No EOL
625 B
Text
# Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
|
|
# Date: 2023-06-13
|
|
# Exploit Author: tmrswrr
|
|
# Vendor Homepage: https://monstra.org/
|
|
# Software Link: https://monstra.org/monstra-3.0.4.zip
|
|
# Version: 3.0.4
|
|
# Tested : https://www.softaculous.com/softaculous/demos/Monstra
|
|
|
|
|
|
--- Description ---
|
|
|
|
1) Login admin panel and go to Pages:
|
|
https://demos3.softaculous.com/Monstraggybvrnbr4/admin/index.php?id=pages
|
|
2) Click edit button and write your payload in the Name field:
|
|
Payload: "><script>alert(1)</script>
|
|
3) After save change and will you see alert button
|
|
https://demos3.softaculous.com/Monstraggybvrnbr4/ |