Web


Nmap discovered a web server on the target, on port 8080.

Webroot

It appears to be a custom website featuring a fitness service.

Wappalyzer identified the technologies involved. It's written in PHP 7.4.6.

Burp Suite's passive crawler comes in so handy. Sometimes, I don't need to fuzz the web server.

/contact.php


Under the Contact tab, it shows that the website is made with Gym Management Software. It's probably referring to the Gym Management System made by projectworlds.in.

Vulnerabilities


┌──(kali㉿kali)-[~/archive/htb/labs/buff]
└─$ searchsploit Gym 
------------------------------------------------------------------ ---------------------------------
 Exploit Title                                                    |  Path
------------------------------------------------------------------ ---------------------------------
Gym Management System 1.0 - 'id' SQL Injection                    | php/webapps/48936.txt
Gym Management System 1.0 - Authentication Bypass                 | php/webapps/48940.txt
Gym Management System 1.0 - Stored Cross Site Scripting           | php/webapps/48941.txt
Gym Management System 1.0 - Unauthenticated Remote Code Execution | php/webapps/48506.py
WordPress Plugin WPGYM - SQL Injection                            | php/webapps/42801.txt
------------------------------------------------------------------ ---------------------------------
shellcodes: No Results
papers: No Results

The target web application has multiple vulnerabilities.
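
The keyword search above also returned a WordPress plugin row that only matched on "Gym". The following is an added example, not part of the original write-up: it parses the searchsploit table, keeps only rows for the disclosed product, and orders them for remediation. The priority order and the function names are assumptions made for illustration.

```python
# The searchsploit table from the page, embedded so the example runs offline.
SAMPLE = """\
------------------------------------------------------------------ ---------------------------------
 Exploit Title                                                    |  Path
------------------------------------------------------------------ ---------------------------------
Gym Management System 1.0 - 'id' SQL Injection                    | php/webapps/48936.txt
Gym Management System 1.0 - Authentication Bypass                 | php/webapps/48940.txt
Gym Management System 1.0 - Stored Cross Site Scripting           | php/webapps/48941.txt
Gym Management System 1.0 - Unauthenticated Remote Code Execution | php/webapps/48506.py
WordPress Plugin WPGYM - SQL Injection                            | php/webapps/42801.txt
------------------------------------------------------------------ ---------------------------------
shellcodes: No Results
papers: No Results
"""

# Assumed remediation order (not from the page): lower number = fix first.
PRIORITY = [
    ("remote code execution", 0),
    ("authentication bypass", 1),
    ("sql injection", 2),
    ("cross site scripting", 3),
]

def parse_rows(text):
    """Return (product, issue, path) for each result row of the table."""
    rows = []
    for line in text.splitlines():
        title, sep, path = line.rpartition("|")
        if not sep or title.strip() == "Exploit Title":
            continue  # rulers, header row, "No Results" lines
        product, _, issue = title.strip().partition(" - ")
        rows.append((product, issue, path.strip()))
    return rows

def triage(text, product):
    """Keep rows whose product field starts with `product`, worst issue first."""
    hits = []
    for prod, issue, path in parse_rows(text):
        if not prod.lower().startswith(product.lower()):
            continue  # e.g. "WordPress Plugin WPGYM" only matched the keyword
        low = issue.lower()
        rank = next((r for k, r in PRIORITY if k in low), len(PRIORITY))
        # True only when the title itself says no valid login is involved.
        pre_auth = "unauthenticated" in low or "authentication bypass" in low
        hits.append({"rank": rank, "issue": issue, "path": path, "pre_auth": pre_auth})
    return sorted(hits, key=lambda h: h["rank"])

if __name__ == "__main__":
    for h in triage(SAMPLE, "Gym Management System"):
        print(h["rank"], "pre-auth" if h["pre_auth"] else "-", h["issue"], h["path"])
```

A `pre_auth` value of `False` means only that the title does not say; the advisory text still has to be read to know whether a login is required.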