Monstra CMS 3.0.4 Unauthenticated User Credential Exposure

Whilst pratting around on hackthebox.eu, someone had uploaded a machine which used the Monstra CMS platform version 3.0.4. Getting a tad frustrated, I downloaded the platform to look at the code directly. I unknowingly stumbled across the username “database”, which is in fact an XML file. This file contains all user credential information including the password …