Sunday, November 21, 2021

Montiorr 1.7.6m - Persistent Cross-Site Scripting

# Exploit Title: Montiorr 1.7.6m - Persistent Cross-Site Scripting
# Date: 25/4/2021
# Exploit Author: Ahmad Shakla
# Software Link:
# Tested on: Kali GNU/Linux 2020.2
# Detailed Bug Description :

An attacker can preform an XSS attack via image upload

Steps :

1)Create a payload with the following format : 
><img src=x onerror=alert("XSS")>.png

2) Install the database by going to the following link :

3)Register for a new account on the server by going to the following link :

4)Login with your credentials on the following link :

5)Go to the following link and upload the payload :

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore