MC Coming Soon script suffers from arbitrary file upload and improper access restriction vulnerabilities.
501475f78abc74b3873194567aa294e121a5c4a23be42496a3dbd97bb281add5
# # # # #
# Vulnerability: Improper Access Restrictions
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Coming Soon Script
# Script Buy Now: http://microcode.ws/product/mc-coming-soon-php-script/3880
# Author: Adeghsan Aencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
#
# http://localhost/[PATH]/admin/slider.php
# file.php upload
# http://localhost/[PATH]/admin/imageslider/file.php
#
# http://localhost/[PATH]/admin/launch_time.php
# http://localhost/[PATH]/admin/launch_message.php
# http://localhost/[PATH]/admin/send_message.php
# http://localhost/[PATH]/admin/subscribers.php
# http://localhost/[PATH]/admin/settings.php
# http://localhost/[PATH]/admin/users.php
# Vs.......
# # # # #