You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Two Stored-XSS reported #427(title section) and #435 (content section)
I found another Stored-XSS lie in Name filed in the same page (monstra-3.0.4/plugins/box/pages/pages.admin.php)
Two Stored-XSS reported #427(title section) and #435 (content section)
I found another Stored-XSS lie in Name filed in the same page (monstra-3.0.4/plugins/box/pages/pages.admin.php)
Steps to reproduce:
1、Login monstra http://127.0.0.1/monstra-3.0.4/admin/index.php
2、Then, visit http://127.0.0.1/monstra-3.0.4/admin/index.php?id=pages
3、Click Create New Page button to create a new page
4、Fill in Name field with payload
<script>alert(document.cookie)</script>5、Save and Exit
6、visit the page you just created, then Stored-XSS will be triggered
Impacts:
Anyone who visit the target page will trigger JavaScript code execution, including administrator, editor, and guest.
Affected Version:
3.0.4 or before
Affected URL:
http://<your_site>/monstra/blog/<page_name>.php
Testing Environment:
Win7 with XAMPP: Apache/2.4.23 、 PHP Version 5.6.28
Analysis
vulnerable page :
https://github.com/monstra-cms/monstra/blob/dev/plugins/box/pages/pages.admin.php
line 222-233 all post data without any sanitization, just add and display
Add page and edit page are vulnerable.
Mitigation:
Filter user input ,please refer #427
The text was updated successfully, but these errors were encountered: