Real Estate Portal v4.1 Multiple Persistent XSS Vulnerabilities


Vendor: NetArt Media
Product web page: http://www.netartmedia.net
Affected version: 4.1

Summary: Real Estate Portal is software written in PHP,
allowing you to launch powerful and professional looking
real estate portals with rich functionalities for the private
sellers, buyers and real estate agents to list properties
for sale or rent, search in the database, show featured
ads and many others. The private sellers can manage their
ads at any time through their personal administration space.

Desc: Real Estate Portal suffers from multiple persistent
cross-site scripting vulnerabilities. The issue is triggered
when input passed via multiple POST parameters is not properly
sanitized before being returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser
session in the context of an affected site.

Tested on: nginx/1.10.0
           PHP/5.2.17
           MySQL/5.1.66


Vulnerability discovered by Bikramaditya Guha aka "PhoenixX"
                            @zeroscience


Advisory ID: ZSL-2016-5325
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5325.php


06.05.2016

---


1. Persistent Cross Site Scripting:
-----------------------------------

http://localhost/USERS/index.php
Parameters: title, html, headline, size, youtube_id, address, latitude, longitude, user_first_name, user_last_name, agency, user_phone, user_email, website (POST)
Payload: " onmousemove=alert(1)
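
Mitigation sketch (added example, not code from the advisory or from the vendor's product): the PHP below contrasts an unencoded write into a double-quoted attribute with an encoded one, and adds format checks for a few of the listed parameters. The function names, the sample values and the youtube_id format are assumptions.

```php
<?php
// Added example: hypothetical rendering code, not Real Estate Portal source.

// Vulnerable pattern: stored value echoed into a quoted attribute unchanged.
function render_field_unsafe($name, $value) {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote characters, so the value cannot close the attribute.
function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}
function render_field_safe($name, $value) {
    return '<input type="text" name="' . h($name) . '" value="' . h($value) . '">';
}

// Defense in depth: reject typed fields that do not match their format
// before storing them. Returns the names of the fields that failed.
function validate_listing($in) {
    $rules = array(
        'latitude'   => '/^-?\d{1,2}(?:\.\d+)?\z/',
        'longitude'  => '/^-?\d{1,3}(?:\.\d+)?\z/',
        'youtube_id' => '/^[A-Za-z0-9_-]{11}\z/',   // assumed id format
    );
    $errors = array();
    foreach ($rules as $field => $pattern) {
        if (!isset($in[$field]) || !is_string($in[$field]) || !preg_match($pattern, $in[$field])) {
            $errors[] = $field;
        }
    }
    if (!isset($in['user_email'])
        || filter_var($in['user_email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'user_email';
    }
    return $errors;
}

// Constructed sample input, reusing the payload string from the advisory.
$payload = '" onmousemove=alert(1)';
$sample  = array(
    'latitude'   => $payload,
    'longitude'  => '21.4314',
    'youtube_id' => $payload,
    'user_email' => 'agent@example.com',
);
echo render_field_unsafe('address', $payload), "\n";
echo render_field_safe('address', $payload), "\n";
echo 'rejected: ', implode(', ', validate_listing($sample)), "\n";
```

Free-text fields such as title, headline and address cannot be constrained by format, so output encoding at every point of display remains the primary control for them.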