## https://sploitus.com/exploit?id=PACKETSTORM:173125
====================================================================================================================================  
| # Title : Alhotphp article CMS 1.0 CSRF Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |   
| # Vendor : http://www.traidnt.net/vb/attachments/732178d1406938179-alhotphp.com-article-1.0.zip.zip |   
| # Dork : ÌãíÚ CáÍÞæÞ ãÍÝæÙÉ áãäÊÏíCÊ CáÍæÊ ááÈÑãÌÉ || CáãÈÑãÌ æCáãÕãã : Hasan Hatem CáäÓÎÉ 1.0 © 2014 |  
====================================================================================================================================  
  
PoC:

[+] Dorking in Google or another search engine.

[+] Cross Site Request Forgery vulnerability: add new admin info

[+] http://localhost/alhotphp/install/install.php?step=3 ( add new admin info )

[+] The cause is missing authentication on the administrative interface.

http://localhost/alhotphp/admin_list.php ( here you can find your admin )
  
  
[+] http://localhost/alhotphp/admincp/index.php ( Admin panel to login )  
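
Detection sketch for the issue described above, added here as an example and not part of the original advisory: it scans web server access logs for requests that reached install/install.php and singles out step=3 requests served to a Referer from another origin. The combined log format, the host name cms.example.test, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')
INSTALLER_SUFFIX = "/install/install.php"  # path named in the advisory

# Constructed sample lines; hosts, addresses and timestamps are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /alhotphp/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:02:11 +0000] "POST /alhotphp/install/install.php?step=3 HTTP/1.1" 200 812 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:40 +0000] "GET /alhotphp/install/install.php?step=1 HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.44 - - [01/Jan/2024:10:09:03 +0000] "POST /alhotphp/install/install.php?step=3 HTTP/1.1" 200 812 "http://cms.example.test/alhotphp/install/install.php?step=2" "Mozilla/5.0"',
]

def installer_hits(lines, site_host):
    """One finding per logged request that targeted the installer script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(INSTALLER_SUFFIX):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-"
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "step": parse_qs(url.query).get("step", [""])[0],
            "reachable": 200 <= int(m["status"]) < 400,  # installer still served
            "cross_site": ref_host is not None and ref_host != site_host,
        })
    return findings

def high_risk(findings):
    """Admin-creation step (step=3) served to a request from another origin."""
    return [f for f in findings
            if f["step"] == "3" and f["reachable"] and f["cross_site"]]

if __name__ == "__main__":
    for f in high_risk(installer_hits(SAMPLE_LOG, "cms.example.test")):
        print("ALERT", f)
```

Any finding with "reachable" set means the installer is still being served after setup; removing or denying access to the install directory closes the path regardless of Referer.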
  
====Greetings to :=======================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* CraCkEr * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |  
=========================================================================================================================================