# Web Services

![](https://331490554-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fmhr763Ci2woUpr6Yqlcb%2Fuploads%2FrVcfrfZGIXcQymxtsPVG%2F2022-07-30_17-10.png?alt=media\&token=48f160de-9fbf-4be9-823f-6790a2529547)

We could sign in but for some reason it didnt work with my own user so we need to see if we can look for creds

```
╭─      /home/kali ▓▒░───────────────────────────────────────────────────────────░▒▓ ✔  1m 25s    root@kali 
╰─ searchsploit booked                 
----------------------------------------------------------------------------------- ---------------------------------
 Exploit Title                                                                     |  Path
----------------------------------------------------------------------------------- ---------------------------------
Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)                     | php/webapps/46486.rb
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)            | php/webapps/50594.py
Booked Scheduler 2.7.7 - Authenticated Directory Traversal                         | php/webapps/48428.txt
----------------------------------------------------------------------------------- ---------------------------------
```