Monstra-Dev 3.0.4 Cross Site Scripting

Monstra-Dev version 3.0.4 suffers from a persistent cross site scripting vulnerability.

MD5 | 5cf1b08ab4a7ae57501a50979d3b4c69

# Exploit Title:Monstra-Dev 3.0.4 Stored Cross Site Scripting
# Date: 04-08-2018
# Exploit Author: Nainsi Gupta
# Vendor Homepage:
# Software Link:
#Published In-
# Product Name: Monstra-dev
# Version: 3.0.4
# Tested on: Windows 10 (Firefox/Chrome)
# CVE : CVE-2018-14922

1. 1. Go to the site ( ) .
2- Click on Registration page (Registration) .
3- Register by giving you name ,mail and soo on...
4 -Now log In i the website.
5.After loggin in click on edit profile and in the frist name and last name copy paste this payload- in firsname paste "><svg/onload=alert(/Nainsi/)> and in Lastname paste "><svg/onload=alert(/Gupta/)>
6. After saving the above changes, click on edit profile page and you will be able to see to Pop up stating Gupta and Nainsi.

Related Posts