6 matches found
CVE-2021-21276
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...
POLR URL 2.3.0 Shortener Admin Takeover
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...
POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword': 'password',...
POLR URL 2.3.0 - Shortener Admin Takeover
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...
CVE-2021-21276
creationtimestamp| type| source ---|---|--- 2021-02-01 19:25:11+00:00| published-proof-of-concept| https://t.me/cibsecurity/22897...
CVE-2021-21276
Polr before version 2.3.0 is affected by a setup-process privilege-escalation vulnerability. A loose comparison (==) in SetupController allows an attacker to craft a request to /setup/finish with crafted cookie headers to obtain admin privileges on a site instance, even without an existing accoun...