# monstra cms

## Interesting Paths

```aspnet
# admin path
/admin/

# db file
/storage/database/users.table.xml
```

## User Cred exposure (unauthenticated)

```
# db file path:
/storage/database/users.table.xml

https://simpleinfosec.com/2018/05/27/monstra-cms-3-0-4-unauthenticated-user-credential-exposure/
```

## File Upload (authenticated)

v 3.0.4

```
https://www.exploit-db.com/exploits/48479
```