[+] Exploit Title ; Mono Blog multiple vulnerability [+] Date : 2018-01-29 [+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS [+] Version : 1.0 [+] Vendor Homepage : monoblog.ir [+] Dork : intext:"POWERED BY monoblog.ir" [+] Forum : irethicalhackers.com/forums [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Description : [!] Mono Blog is a tool for creating free blogs [+] Poc : [+] Cross Site Scriping (Stored): [!] First Go to the admin panel and click on new post for send any post to your blog [!] now copy and paste payload on content box. [!] payload : <script>alert('0P3N3R')</script> [!] now if you go site you can see 0P3N3R on any sites and admin panel [+] Sensitive Data Exposure [!] If you enter the wrong password on login page [!] mono blog redirected you for login.php and you can see your database user without password [!] Error : Access denied for user ''@'localhost' (using password: NO) [!] or you can going to http://testsec.monoblog.ir/gallery/ and see this Error [+] Security Level : [!] medium [+] Exploitation Technique: [!] Remote [+] Vulnerability Files : [*] index.php [!] Vulnerable Files : [!] index.php [!] login.php [!] Addpost.php [+] Fix : [!] Restrict user input or replace bad characters [!] use htmlspecialchars and htmlentities [!] Validating user inputs [+] We Are : [+] 0P3N3R [+] Mehrdad_Ice [+] BaxTurk24 [+] S0hp [+] ERROR1067