CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword': 'password',...

POLR URL 2.3.0 Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

POLR URL 2.3.0 - Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

Code injection

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

CVE-2021-21276 Privilege escalation in Polr

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

PT-2021-14382 · Polr · Polr

Name of the Vulnerable Software and Affected Versions: Polr versions prior to 2.3.0 Description: Polr is an open source URL shortener. A vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability...

Cydrobolt Polr Security Vulnerability

Cydrobolt Polr is a Php-based codebase from the Cydrobolt Personal Developer that shortens URL links for web applications in response to Api. A security vulnerability exists in Cydrobolt Polr, which can be exploited by an attacker to gain administrative privileges to the instance...

CVE-2021-21276

Polr before version 2.3.0 is affected by a setup-process privilege-escalation vulnerability. A loose comparison (==) in SetupController allows an attacker to craft a request to /setup/finish with crafted cookie headers to obtain admin privileges on a site instance, even without an existing accoun...