Monstra 1.2.1 Multiple HTML Injection Vulnerabilities
Title: Monstra 1.2.1 Multiple HTML Injection Vulnerabilities
Advisory ID: ZSL-2012-5101
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 23.08.2012
Summary
Monstra is a fast and small content management system written in PHP! It's free, open source and easy to use from the start!
Description
Monstra suffers from multiple stored XSS vulnerabilities when parsing user input to the 'menu_item_link', 'menu_item_name' and 'page_title' parameters via the POST method through the 'index.php' script. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how Web content is served, cached, or interpreted.
Vendor
MONSTRA.ORG - http://www.monstra.org
Affected Version
1.2.1
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a
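The stored XSS described above comes down to stored field values being written into the page unencoded. The following is an added illustration, not Monstra's code and not part of the advisory: the vulnerable rendering pattern beside a hardened version. The item array, the function names and the http(s)-only link allow-list are assumptions; only the field names come from the advisory.

```php
<?php
// Added example, not Monstra's code: function names, the $item array and the
// scheme allow-list are assumptions; the field names follow the advisory.

// Vulnerable pattern: stored values are written into the template as-is, so HTML
// or script saved in 'menu_item_name' (or 'page_title') runs for every visitor.
function render_menu_item_unsafe(array $item): string
{
    return '<a href="' . $item['menu_item_link'] . '">' . $item['menu_item_name'] . '</a>';
}

// Encode for HTML body and attribute context (ENT_QUOTES covers both quote styles).
// The same helper applies to 'page_title' when it is placed inside <title>.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encoding alone does not make an href safe: a "javascript:" scheme passes through
// htmlspecialchars untouched. Allow only relative links and http(s) URLs.
function safe_link(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === null) {          // no scheme present: relative path such as /about
        return $url;
    }
    if ($scheme !== false && in_array(strtolower($scheme), ['http', 'https'], true)) {
        return $url;
    }
    return '#';                      // unparseable URL or disallowed scheme
}

function render_menu_item_safe(array $item): string
{
    return '<a href="' . esc(safe_link($item['menu_item_link'])) . '">'
         . esc($item['menu_item_name']) . '</a>';
}

// Constructed sample input shaped like the POST parameters the advisory names.
$item = [
    'menu_item_name' => 'News <script>alert(1)</script>',
    'menu_item_link' => 'javascript:alert(1)',
];
echo render_menu_item_unsafe($item), PHP_EOL;   // script and javascript: link reach the page
echo render_menu_item_safe($item), PHP_EOL;     // link neutralised, markup shown as text
```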
Vendor Status
N/A
PoC
monstra_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/115821
[2] http://cxsecurity.com/issue/WLB-2012080209
[3] http://secunia.com/advisories/50374/
[4] http://www.securityfocus.com/bid/55171
[5] http://www.securelist.com/en/advisories/50374
[6] http://forums.cnet.com/7726-6132_102-5350871.html
[7] http://www.osvdb.org/show/osvdb/84839
[8] http://xforce.iss.net/xforce/xfdb/77953
Changelog
[23.08.2012] - Initial release
[24.08.2012] - Added reference [4], [5] and [6]
[25.08.2012] - Added reference [7]
[26.08.2012] - Added reference [8]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk