Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-16979 PoC — Monstra CMS 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-16979.yaml
Associated Vulnerability
Title:Monstra CMS 安全漏洞 (CVE-2018-16979)
Description:Monstra CMS是乌克兰软件开发者Sergey Romanenko所研发的一套基于PHP的轻量级内容管理系统(CMS)。该系统具有易于安装使用、可扩展等特点。 Monstra CMS 3.0.4版本中的plugins/captcha/crypt/cryptographp.php页面的‘cfg’参数存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Description
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.
File Snapshot

 id: CVE-2018-16979

info:
  name: Monstra CMS 3.0.4 - HTTP Header Injection
  author: 0x_Akoko
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.