## https://sploitus.com/exploit?id=PACKETSTORM:173125
====================================================================================================================================
| # Title : Alhotphp article CMS 1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |
| # Vendor : http://www.traidnt.net/vb/attachments/732178d1406938179-alhotphp.com-article-1.0.zip.zip |
| # Dork : ÌãíÚ CáÍÞæÞ ãÍÝæÙÉ áãäÊÏíCÊ CáÍæÊ ááÈÑãÌÉ || CáãÈÑãÌ æCáãÕãã : Hasan Hatem CáäÓÎÉ 1.0 © 2014 |
====================================================================================================================================
P0C:
[+] Dorking In Google Or Other Search Engine .
[+] Cross Site Request Forgery vulnerability: add new admin info
[+] http://localhost/alhotphp/install/install.php?step=3 ( add new admin info )
[+] The cause is missing authentication on the administrative interface.
http://localhost/alhotphp/admin_list.php ( here to find your admin )
[+] http://localhost/alhotphp/admincp/index.php ( Admin panel to login )
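
For defenders, an added example (not part of the original advisory or the CMS code) that audits web server access logs for requests the server actually served on the two unauthenticated paths named above. It assumes Combined Log Format and the application mounted at /alhotphp as in the advisory's URLs; the function name `audit` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Paths named in the advisory, relative to the application root.
SENSITIVE = {
    "/install/install.php": "installer reachable after deployment",
    "/admin_list.php": "admin listing reachable without login",
}

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def audit(lines, app_root="/alhotphp"):
    """Return (ip, method, path, step, status, reason) for served sensitive requests."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        parts = urlsplit(target)
        # Decode, collapse repeated slashes and lowercase so percent-encoded or
        # mixed-case variants (case-insensitive file systems) still match.
        path = re.sub(r"/+", "/", unquote(parts.path)).lower()
        if not path.startswith(app_root + "/"):
            continue
        rel = path[len(app_root):]
        reason = SENSITIVE.get(rel)
        # Only 2xx/3xx responses mean the server actually served the page.
        if reason and status < 400:
            step = parse_qs(parts.query).get("step", [None])[0]
            findings.append((ip, method, rel, step, status, reason))
    return findings

# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE = [
    '198.51.100.7 - - [10/Jun/2023:10:00:01 +0000] "GET /alhotphp/index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [10/Jun/2023:10:02:13 +0000] "POST /alhotphp/install/install.php?step=3 HTTP/1.1" 200 812 "-" "-"',
    '203.0.113.9 - - [10/Jun/2023:10:02:20 +0000] "GET /alhotphp/admin_list.php HTTP/1.1" 200 640 "-" "-"',
    '192.0.2.44 - - [10/Jun/2023:10:05:00 +0000] "GET /alhotphp//Install/install.php?step=3 HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding on a production host means the install directory was left in place and is being served; a 403 or 404 on the same path, as in the last sample line, shows the path is already blocked.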
====Greetings to :=======================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* CraCkEr * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
=========================================================================================================================================