# Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Scripting # Date: 2018-08-04 # Exploit Author: Nainsi Gupta # Vendor Homepage: http://monstra.org/ # Software Link: https://github.com/monstra-cms/monstra # Product Name: Monstra-dev # Version: 3.0.4 # Tested on: Windows 10 (Firefox/Chrome) # CVE : N/A # POC 1- Go to the site ( http://server.com/monstra-dev/ ) . 2- Click on Registration page (Registration) . 3- Register by giving you name ,mail and soo on... 4- Now log In i the website. 5- After loggin in click on edit profile and in the frist name and last name copy paste this payload- in firsname paste "><svg/onload=alert(/Case/)> and in Lastname paste "><svg/onload=alert(/Test/)> 6- After saving the above changes, click on edit profile page and you will be able to see to Pop up stating "Test" and "Case".
Related ExploitsTrying to match setup file: 230588a31f89bd6b6813c4066c00fff9
Other Possible E-DB Search Terms: Monstra 3.0.4, Monstra