Monstra-Dev User Information Disclosure | CVE-2018-14921

  • Home
  • Monstra-Dev User Information Disclosure | CVE-2018-14921

CVE-2018-14921 : Monstra-Dev User Information Disclosure

CVE-2018-14921 discovered by Nainsi Gupta who is the member of ICSS. It is an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:

 

Exploit Title: Monstra-Dev User Information Disclosure

Date: 04-08-2018

CVE: CVE-2018-14921

Author Nainsi Gupta

Vendor Homepage: http://monstra.org/

Software Link: https://github.com/monstra-cms/monstra

Product Name: Monstra-dev

Version: 3.0.4

Tested on: Windows 10 (Firefox/Chrome)

 

 

CVE-2018-14921

 

Proof of Concept

 

  • After registering for as many users you want and then logging out of it.

 

  • You can still see all information about the user.

 

Tested link

 

http://localhost/monstra-dev/users/1

http://localhost/monstra-dev/users/2

http://localhost/monstra-dev/users/3

 

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 

 

Certified Company
Member of
Forest
Mountains
Mountains
Mountains

Our Address

Kolkata

Globsyn Crystals Building,
5th Floor, Unit-4, Webel More
Kolkata – 700091

Bangalore

Chirush Mansion, 3478J HAL 2nd Stage,
13th A Main Road
Indiranagar Bangalore – 560008
Land Mark: Behind New Horizon School

Canada

Indian Cyber Security Solutions
Cyber Security Research & Analytics Center
Vine Avenue
Moncton NB,
Canada, PO E1E 1J9

Australia

GIndian Cyber Security Solutions
Australia (Research and Development Center)
11 Darling Street, Hughesdale
Melbourne VIC. 3166

© 2020 Indian Cyber Security Solutions|Green Fellow IT Security Pvt. Ltd.

×

Hello!

Click one of our representatives below to chat on WhatsApp or send us an email to hello@quadlayers.com

Call us to +542215676835 from 0:00hs a 24:00hs

× Hi How can we help you