CVE-2018-14921 : Monstra-Dev User Information Disclosure
CVE-2018-14921 discovered by Nainsi Gupta who is the member of ICSS. It is an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:
Exploit Title: Monstra-Dev User Information Disclosure
Date: 04-08-2018
CVE: CVE-2018-14921
Author: Nainsi Gupta
Vendor Homepage: http://monstra.org/
Software Link: https://github.com/monstra-cms/monstra
Product Name: Monstra-dev
Version: 3.0.4
Tested on: Windows 10 (Firefox/Chrome)
Proof of Concept
- After registering for as many users you want and then logging out of it.
- You can still see all information about the user.
Tested link
http://localhost/monstra-dev/users/1
http://localhost/monstra-dev/users/2
http://localhost/monstra-dev/users/3
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Amazon Web Services Training in Hyderabad
Amazon Web Services Training in Bangalore
Amazon Web Services Training in Bhubaneswar
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Testing training
Certified Network Penetration Tester
Diploma in Web Application Security
Certified Web Application Penetration Tester
Certified Android Penetration Tester
Cybersecurity services that can protect your company:
Web Security | Web Penetration Testing
Network Penetration Testing – NPT
Android App Penetration Testing
Other Location for Online Courses: