Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection

Exploit Title: Multilanguage Real Estate MLM Script = 3.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script Version: = 3.0 Category: Webapps...

Hot Scripts Clone - 'subctid' SQL Injection

Exploit Title: Hot Scripts Clone Script 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/M72g4502563/php-scripts/hot-scripts-clone-:-script-classified Version: 1.0 Category: Webapps Tested on:...

Zomato Clone Script Arbitrary File Upload

Zomato Clone - Arbitrary File Upload Date: 16.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script Demo: http://jhinstitute.com/demo/foodpanda/ Version: N/A Category: Webapps Tested on: Windows 10...

VideoDuo 3.1 Cross Site Scripting

Exploit Title: VideoDuo - Video Search Engine PHP Script - xss Google Dork: N/A Date: 2018/06/01 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://ephp.site Software Buy: https://www.codester.com/items/5031/videoduo-video-search-engine-php-script Demo:...

GoodTravel Travel And Locations 1.0 Cross Site Scripting Vulnerability

GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: GoodTravel - Travel & Locations PHP Script & Mobile App - xss Google Dork: N/A Date: 2017/28/12 Exploit Author: ShanoWeb Author Mail :...

PHP Scripts Mall Single Theater Booking Cross-Site Request Forgery Vulnerability

PHP Scripts Mall Single Theater Booking is an open source theater script. A cross-site request forgery vulnerability exists in PHP Scripts Mall Single Theater Booking. A remote attacker can use the admin/sitesettings.php file to change sensitive settings on the user panel, or even inject web scri...

Western Digital MyCloud multi_uploadify File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

Readymade Video Sharing Script 3.2 HTML Injection

Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo: http://www.smsemailmarketing.in/demo/videosharing/ Version: 3.2...

PHP Scripts Mall Foodspotting Clone Script SQL Injection Vulnerability

PHP Scripts Mall Foodspotting Clone Script is a PHP based online food and beverage ordering script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Foodspotting Clone Script version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' paramete...

Paid To Read Script 2.0.5 SQL Injection

Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-17651...

Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection

Exploit Title: Paid To Read Script 2.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/paid-to-read-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-17651...

CVE-2017-17594

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...

Sql injection

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...

CVE-2017-17568

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/useractivatesubmit.php aka the backend PHP script, which might allow remote attackers to obtain sensitive information via a direct request...

Design/Logic Flaw

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/useractivatesubmit.php aka the backend PHP script, which might allow remote attackers to obtain sensitive information via a direct request...

CVE-2017-17594

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter...

Resume Clone Script 2.0.5 SQL Injection

Exploit Title: Resume Clone Script 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/resume-builder-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Autho...

Opensource Classified Ads Script 3.2 SQL Injection

...

Car Rental Script 2.0.4 SQL Injection

Exploit Title: Car Rental Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/car-rental-script/ Version: 2.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...

Entrepreneur Bus Booking Script 3.0.4 SQL Injection

Exploit Title: Entrepreneur Bus Booking Script 3.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/ Version: 3.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...