EMO Realty Manager SQL Injection Vulnerability
Posted on 08 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>EMO Realty Manager SQL Injection Vulnerability </title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================== EMO Realty Manager SQL Injection Vulnerability ============================================== Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title:EMO Realty Manager? SQLi Vulnerable Published: 2010-06-08 Vendor url:http://emophp.com Price:249$ Platform: Unix, Linux , Windows Greetz to:Sid3^effects, aa_Numb, M4n0j and to all ICW members ############################################################################################################################################################################# DESCRIPTION: EMO Realty Manager is a full PHP/MySQL content management system for property companies, real estate agents or FSBO site. Built using PHP and MySQL, this real estate website management tool allows for easy updates of properties with image upload, category management, listing management, custom usage statistics, mailing list management, easy to use advanced PHP template system and much more Features:- With EMO Realty Manager you can quickly build, manage, and publish real-estate property to your personal agent or company website. EMO Realty Manager software is easily administered, powerful, yet affordable for any budget. Even though the software is easy to use, help is right around the corner in the form of our tech support department. We are here to help you and answer your questions. EMO Realty Manager is an excellent solution to help you promote your online real estate presence. All the tools you need to increase sales and reflect your professional knowledge is built into EMO Realty Manager. With only a few keystrokes on your computer, your web site will be launched and...... the success will follow... ############################################################################################################################################################################### Vulnerability: The following URL contains a SQLi vulnerable. demo URL:- http://emophp.com/emorealty/googlemap/index.php?cat1=[Sqli] ################################################################################################################################################################################ -- With R3gards, L0rd CrusAd3r # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-08]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
