GREEZLE - Global Real Estate Agent Site Authentication ByPas
Posted on 09 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>GREEZLE - Global Real Estate Agent Site Authentication ByPass</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================================= GREEZLE - Global Real Estate Agent Site Authentication ByPass ============================================================= Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title: GREEZLE - Global Real Estate Agent Site Authentication ByPass Published: 2010-06-09 Vendor url:http://www.ifstudio.org/greezla/ Price:99$ Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue??, S1ayer and to all ICW members Description: GREEZLE is an easy in use site which allows to sell online any real estate objects. Visitors are able to browse, search and view properties. It allows you to create agent accounts, who can also sell any real estate objects at a fee you charge. Vulnerability: *Authentication Bypass found The Provided Script as Sqli Vulnerability in Admin Login page DEMO URL : http://properties.ifstudio.org/en/login Use the string a' or '1'='1 for User name and Password to gain access # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-09]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
