EMO Realty Manager remote SQL injection

2010.06.10
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 7.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Published: 2010-06-08 Vendor url:http://emophp.com Price:249$ Platform: Unix, Linux , Windows Greetz to:Sid3^effects, aa_Numb, M4n0j and to all ICW members ############################################################################################################################################################################# DESCRIPTION: EMO Realty Manager is a full PHP/MySQL content management system for property companies, real estate agents or FSBO site. Built using PHP and MySQL, this real estate website management tool allows for easy updates of properties with image upload, category management, listing management, custom usage statistics, mailing list management, easy to use advanced PHP template system and much more Features:- With EMO Realty Manager you can quickly build, manage, and publish real-estate property to your personal agent or company website. EMO Realty Manager software is easily administered, powerful, yet affordable for any budget. Even though the software is easy to use, help is right around the corner in the form of our tech support department. We are here to help you and answer your questions. EMO Realty Manager is an excellent solution to help you promote your online real estate presence. All the tools you need to increase sales and reflect your professional knowledge is built into EMO Realty Manager. With only a few keystrokes on your computer, your web site will be launched and...... the success will follow... ############################################################################################################################################################################### Vulnerability: demo URL:- http://emophp.com/emorealty/googlemap/index.php?cat1=[Sqli] ################################################################################################################################################################################

Referencje:

http://www.vupen.com/english/advisories/2010/1404
http://www.securityfocus.com/bid/40625
http://packetstormsecurity.org/1006-exploits/emorealtymanager-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top