This article is about the XSS vulnerabilities that we found in Monstra CMS 3.0.4.
The bugs had a medium impact, and they were also easy to find and replicate.
Now, coming to XSS:
As commonly defined online, Cross-Site Scripting (XSS) attacks are a form of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, typically in the form of a browser-side script, to a specific end user. Flaws that enable these attacks to succeed are widespread and occur wherever a web application uses a user's input within the output it generates without validating or encoding it.
An attacker may use XSS to deliver a malicious script to an unsuspecting user. The end user's browser has no way of knowing that the script should not be trusted, and it will execute the script. Because the browser thinks the script comes from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. Such scripts can also rewrite the HTML page text.
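The flaw class described above (user input used in output without validation or encoding), shown next to its corrected form. This is an added example, not part of the original article and not Monstra's code; the page record, its field names and the helper functions are hypothetical, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample input: a page record as it might arrive from an edit form.
// Field names are hypothetical and are not taken from Monstra.
$page = [
    'title'    => 'News <script>alert(1)</script>',
    'keywords' => 'cms, "quoted" & more',
];

// Vulnerable form: user input is concatenated into the output unchanged,
// so any markup in a field becomes part of the generated page.
function render_row_unsafe(array $page): string
{
    return '<tr><td>' . $page['title'] . '</td>'
         . '<td><input name="keywords" value="' . $page['keywords'] . '"></td></tr>';
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Corrected form: every user-controlled value is encoded at the point of output.
function render_row_safe(array $page): string
{
    return '<tr><td>' . e($page['title']) . '</td>'
         . '<td><input name="keywords" value="' . e($page['keywords']) . '"></td></tr>';
}

// Input validation as a second layer: accept only what a title should contain
// (letters, digits, spaces and a little punctuation, 1 to 100 characters).
function validate_title(string $title): bool
{
    return preg_match('/^[\p{L}\p{N} .,()_-]{1,100}$/u', $title) === 1;
}

echo render_row_unsafe($page), PHP_EOL;  // markup from the field reaches the page
echo render_row_safe($page), PHP_EOL;    // same data, rendered as inert text
var_dump(validate_title($page['title']));
```

Validation narrows what is stored, but encoding at output is what keeps stored or reflected data from being interpreted as markup.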
I will give a detailed explanation of XSS in the coming days, which will be placed on the articles tab.
Vulnerability Type : Cross Site Scripting (XSS)
Vendor of Product : Monstra CMS 3.0.4
Affected Component : http://localhost/monstra/admin/index.php?id=pages
Attack Type : Remote
POST /monstra/admin/index.php?id=pages HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept-Encoding: gzip, deflate
So that’s it for now. See you next time.