============================================== # Exploit Title : pluck-cms vulnerability CSRF # Reported Date : 8 - 10 - 2017 # Exploit Author : Ashiyane Digital Security Team # CWE: CSRF - 352 # Tested On : kali Linux # Vendor Homepage : https://www.pluck-cms.org/ # Software Link : https://github.com/pluck-cms/pluck/releases # Version : 4.7.4 ============================================== ----------------------------- vulnerability discovered by : Ehsan Cod3r , Und3rgr0und ----------------------------- vulnerability Path : http://127.0.0.1/PluckCMS/data/inc/editpage.php ----------------------------- vulnerability File: editpage.php ----------------------------- vulnerability Method : _GET[] ----------------------------- Vulnerability code :

============================================================================ Exploit code :