============================================================================================================================================================================= | # Title : Online Flight Booking System 1.0 CSRF Add Admin vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) | | # Vendor : https://www.campcodes.com/downloads/online-flight-booking-management-system-source-code/?wpdmdl=5913&refresh=66bbf742d7abc1723594562 | ============================================================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] This payload inject new admin account. [+] Line 6 Set your Target. [+] Line 15+19 Set your user & pass. [+] save payload as poc.html [+] payload : Greetings to :===================================================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)| ===================================================================================================