CVE-2018-14922 : Monstra-Dev Stored Cross Site Scripting
CVE-2018-14922 was discovered by Nainsi Gupta, a member of ICSS. It is an achievement for Indian Cyber Security Solutions. The exploit details are as follows:
Exploit Title: Monstra-Dev Stored Cross Site Scripting
Author: Nainsi Gupta
Vendor Homepage: http://monstra.org/
Software Link: https://github.com/monstra-cms/monstra
Product Name: Monstra-dev
Tested on: Windows 10 (Firefox/Chrome)
Proof of Concept
-Go to the site (http://server.com/monstra-dev/).
-Click on the Registration page (Registration).
-Register by giving your name, mail and so on…
-Now log in to the website.
-After logging in, click on edit profile and copy-paste these payloads into the first name and last name fields: in First name paste "><svg/onload=alert(/Nainsi/)> and in Last name paste "><svg/onload=alert(/Gupta/)>
-After saving the above changes, click on the edit profile page and you will see the pop-ups stating Gupta and Nainsi.
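The leading "> in both payloads closes an HTML attribute value and its tag, which suggests the stored names are written back into the edit-profile form without output encoding. The following is an added example, not Monstra's own code: the function names are hypothetical, and it assumes the name is rendered into an input element's value attribute. It shows the unescaped pattern beside context-appropriate encoding and a server-side name check.

```php
<?php
// Added example: hypothetical profile-form rendering, not Monstra's actual code.

// Vulnerable pattern: the stored value is concatenated into an attribute unescaped.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_field_safe(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Defence in depth: accept only letters, marks, space, dot, apostrophe and hyphen
// (1 to 64 characters) in name fields before they are stored.
function is_valid_person_name(string $value): bool
{
    return preg_match('/^\p{L}[\p{L}\p{M} .\'-]{0,63}\z/u', $value) === 1;
}

// Constructed stored values: the first-name string from the steps above and a benign name.
$stored = ['"><svg/onload=alert(/Nainsi/)>', "O'Brien"];

foreach ($stored as $value) {
    $unsafe = render_field_unsafe('firstname', $value);
    $safe   = render_field_safe('firstname', $value);
    // A literal "<svg" in the output means the value broke out of the attribute.
    printf("value: %s\n", $value);
    printf("  unsafe output contains element: %s\n", strpos($unsafe, '<svg') !== false ? 'yes' : 'no');
    printf("  safe output contains element:   %s\n", strpos($safe, '<svg') !== false ? 'yes' : 'no');
    printf("  passes name validation:         %s\n", is_valid_person_name($value) ? 'yes' : 'no');
    printf("  safe html: %s\n", $safe);
}
```

Encoding at output time is the primary fix because it also neutralises values already stored in the database; the input check only limits what can be saved from now on.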