markasoftware 2 days ago

This isn't security research, it's unauthorized hacking. Monster has no vulnerability disclosure program. It's completely illegal to try and gain unauthorized access without a VDP, even if you attempt to responsibly disclose your findings after the fact. And frankly, you didn't /responsibly/ disclose your findings, because you are publishing this while some of the vulnerabilities are still present. I reckon you have a 5% chance of ending up in jail because of this post.

LauraMedia 2 days ago | parent

Depending on jurisdiction, it can be argued that this is not unauthorized access, as the files and listings do not prevent access to anyone, effectively authorizing anyone who requests a file.