DB: 2017-02-10

6 new exploits

Mobiketa 3.5 - SQL Injection
Sendroid 5.2 - SQL Injection
Fome SMS Portal 2.0 - SQL Injection
SOA School Management - SQL Injection
Client Expert 1.0.1 - SQL Injection
EXAMPLO - SQL Injection

files.csv

@@ -37203,3 +37203,9 @@ id,file,description,date,author,platform,type,port
 41272,platforms/php/webapps/41272.txt,"Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure",2017-02-07,"Wiswat Aswamenakul",php,webapps,0
 41279,platforms/php/webapps/41279.txt,"Muviko Video CMS - SQL Injection",2017-02-08,"Ihsan Sencan",php,webapps,0
 41280,platforms/php/webapps/41280.txt,"Multi Outlets POS 3.1 - 'id' Parameter SQL Injection",2017-02-08,"Ihsan Sencan",php,webapps,0
+41283,platforms/php/webapps/41283.txt,"Mobiketa 3.5 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
+41284,platforms/php/webapps/41284.txt,"Sendroid 5.2 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
+41285,platforms/php/webapps/41285.txt,"Fome SMS Portal 2.0 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
+41286,platforms/php/webapps/41286.txt,"SOA School Management - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
+41287,platforms/php/webapps/41287.txt,"Client Expert 1.0.1 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
+41288,platforms/php/webapps/41288.txt,"EXAMPLO - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0

platforms/php/webapps/41283.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: Mobiketa - Complete Mobile Marketing v3.5 Script - SQL Injection
+# Google Dork: N/A
+# Date: 09.02.2017
+# Vendor Homepage: http://ynetinteractive.com/
+# Software Buy: https://codecanyon.net/item/mobiketa-complete-mobile-marketing-script-with-bulk-sms-voice-sms-2way-messaging-support/16494684
+# Demo: http://demo.ynetinteractive.com/mobiketa/
+# Version: 3.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as client User
+# http://localhost/[PATH]/index.php?url=myCampaign&view=[SQL]
+# http://localhost/[PATH]/index.php?url=newSMSCampaign&use=[SQL]
+# Etc...
+# # # # #

platforms/php/webapps/41284.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: Sendroid - Bulk SMS Portal, Marketing v5.2 Script - SQL Injection
+# Google Dork: N/A
+# Date: 09.02.2017
+# Vendor Homepage: http://ynetinteractive.com/
+# Software Buy: https://codecanyon.net/item/sendroid-bulk-sms-portal-marketing-2way-messaging-script-with-mobile-app/14657225
+# Demo: http://demo.ynetinteractive.com/sendroid/app/
+# Version: 5.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as customer User
+# http://localhost/[PATH]/Compose.php?msgID=[SQL]
+# http://localhost/[PATH]/Compose.php?smsgID=[SQL]
+# Etc...
+# # # # #

platforms/php/webapps/41285.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: Fome SMS Portal (Advanced) - Bulk SMS Reseller  v2.0 Script - SQL Injection
+# Google Dork: N/A
+# Date: 09.02.2017
+# Vendor Homepage: http://ynetinteractive.com/
+# Software Buy: https://codecanyon.net/item/fome-sms-portal-advanced-bulk-sms-reseller-script/14241587
+# Demo: http://demo.ynetinteractive.com/fomesmsportal/
+# Version: 2.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/Compose.php?draftID=[SQL]
+# http://localhost/[PATH]/Compose.php?smsgID=[SQL]
+# Etc...
+# # # # #

platforms/php/webapps/41286.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: Complete School Management Software with Web Portal - SQL Injection
+# Google Dork: N/A
+# Date: 09.02.2017
+# Vendor Homepage: http://www.ynetinteractive.com/
+# Software Buy: http://www.ynetinteractive.com/soa/
+# Demo: http://www.ynetinteractive.com/soa/demo.php
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as student user
+# Other user groups have vulnerabilities.
+# http://localhost/[PATH]/Document.php?view=[SQL]
+# Etc...
+# # # # #

platforms/php/webapps/41287.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: Complete Client Management & Billing v1.0.1 Script- SQL Injection
+# Google Dork: N/A
+# Date: 09.02.2017
+# Vendor Homepage: http://www.ynetinteractive.com/
+# Software Buy: http://www.ynetinteractive.com/clientexpert/demo.php
+# Demo: http://www.ynetinteractive.com/clientexpert/demo.php
+# Version: 1.0.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as client user
+# http://localhost/[PATH]/index.php?view=ViewInvoice&id=[SQL]
+# http://localhost/[PATH]/index.php?view=ViewTicket&id=[SQL]
+# Etc...
+# # # # #

platforms/php/webapps/41288.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: Examplo - Online Exam System - SQL Injection
+# Google Dork: N/A
+# Date: 09.02.2017
+# Vendor Homepage: http://softpae.sk/
+# Software Buy: https://codecanyon.net/item/examplo-online-exam-system/16174658
+# Demo: http://munka.softpae.sk/examplo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as student user
+# http://localhost/[PATH]/index.php?page=exams&action=edit&eid=[SQL]
+# http://localhost/[PATH]/index.php?page=classes&action=send&cid=[SQL]
+# Etc...
+# # # # #