Alhotphp Article CMS version 1.0 suffers from a cross site request forgery vulnerability.
282bf153e3389346d8953b89790a94a2a2cf4d64e5e8078438724503ed0d7f6a====================================================================================================================================
| # Title : Alhotphp article CMS 1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |
| # Vendor : http://www.traidnt.net/vb/attachments/732178d1406938179-alhotphp.com-article-1.0.zip.zip |
| # Dork : ÌãíÚ CáÍÞæÞ ãÍÝæÙÉ áãäÊÏíCÊ CáÍæÊ ááÈÑãÌÉ || CáãÈÑãÌ æCáãÕãã : Hasan Hatem CáäÓÎÉ 1.0 © 2014 |
====================================================================================================================================
P0C:
[+] Dorking In Google Or Other Search Enggine .
[+] Cross Site Request Forgery vulnerability add new admin ifo
[+] http://localhost/alhotphp/install/install.php?step=3 ( add new admin ifo )
[+] Because the reason is missing authentication on the administrative interface.
http://localhost/alhotphp/admin_list.php ( her to found your admin )
[+] http://localhost/alhotphp/admincp/index.php ( Admin panel to login )
====Greetings to :=======================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* CraCkEr * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
=========================================================================================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed