Share
## https://sploitus.com/exploit?id=99EEC46E-1987-5377-B5E5-3C757824FDDC
# Camaleon CMS -p
```
### Arguments
- -t, --target Base target URL
- -u, --username Valid low-privileged username
- -p, --password User password
---
## Exploit Flow
1. Retrieve login page and extract CSRF token
2. Authenticate with provided credentials
3. Access profile edit page
4. Extract password update endpoint and CSRF token
5. Send forged PATCH request including password[role]=admin
6. Verify role escalation
7. Output valid session cookies
---
## Successful Exploitation
On success, the script:
- Confirms authentication
- Updates the password
- Escalates the user role to admin
- Prints reusable session cookies
---
## Mitigation
- Upgrade Camaleon CMS
---
## Disclaimer
For educational and authorized security testing only.
Unauthorized use is prohibited.