Home / os / win7

PHP Real Estate Script SQL Injection Vulnerability

Posted on 09 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>PHP Real Estate Script SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==================================================
PHP Real Estate Script SQL Injection Vulnerability
==================================================


Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:PHP Real Estate Script SQLi Vulnerability
Version:1.0
Price:249$
Vendor url:http://www.realestates.com.bd/
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r and to all ICW members

#####################################################################################################################################################################################################

Description:

Eicra Real Estate Script is a fully scalable turn-key PHP MySQL? Real Estate.
Charge members to list ads or run in free mode.
It is a powerful combination of the most desired features and easy-to-use interface for property management tasks.
This professional real estate system allows you to automate and simplify the realty business process.
?With this solution be able to transform your business into a more efficient, productive and prosperous e-business enterprise.
?EicraRealEstate is a fully scalable turnkey PHP MySQL real estate script allowing site administrators to charge members to list properties.
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://demo.realestates.com.bd/index.php?plugin_id=28&amp;p_id=[sqli]

# 0day n0 m0re #
# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-09]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :