SQL Injection in EasyRealtorPRO 2008

2008.09.26
Credit: SmOk3
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Original article: http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/

"EasyRealtorPRO 2008 provides you with all features you need to setup your own business oriented real estate website on your own domain name. Our support team will install the script on your server and then you can start selling packages to home sellers at ease." (from the vendor website, easyrealtorpro.com)

This PHP script is vulnerable to SQL injection in the site_search.php file. By manipulating the unfiltered variables, a user can execute SQL commands to gather other information. The problem is located in the variables item, search_ordermethod and search_order.

Proof of concept:

site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type&search_ordermethod=asc&page=2&item=5'SQL INJECTION

site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type&search_ordermethod=asc'SQL INJECTION&page=2&item=5

site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type'SQL INJECTION&search_ordermethod=asc&page=2&item=5

Solution:

The vendor was contacted 2 weeks ago and has still not replied to my email. It can be fixed by sanitizing the variables.
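One way to handle the three affected parameters, as an added PHP example that is not EasyRealtorPRO's code or the advisory author's. The table "listings", its columns, the reading of "item" as a page size and the fallback defaults are assumptions; the point it shows is that search_order and search_ordermethod end up in ORDER BY, where escaping does not help and an allow-list is needed.

```php
<?php
// Added example, not EasyRealtorPRO code. Table "listings", its columns and the
// reading of "item" as a page size are assumptions; sample rows are constructed.
const SORT_COLUMNS    = ['type' => 'type', 'price' => 'price', 'city' => 'city'];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

// ORDER BY takes identifiers and keywords, which cannot be bound as parameters,
// so the request value only selects an entry from a fixed allow-list.
function pick(array $allowed, $value, string $default): string
{
    if (!is_string($value)) {           // e.g. search_order[]=x arrives as an array
        return $default;
    }
    return $allowed[strtolower($value)] ?? $default;
}

function search(PDO $db, array $get): array
{
    $order  = pick(SORT_COLUMNS, $get['search_order'] ?? null, 'type');
    $method = pick(SORT_DIRECTIONS, $get['search_ordermethod'] ?? null, 'ASC');
    // "item" must be a whole number in range; anything else becomes the default.
    $item = filter_var($get['item'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $item = $item === false ? 10 : $item;
    $purpose = is_string($get['search_purpose'] ?? null) ? $get['search_purpose'] : '';

    // Values are bound; only allow-listed text is interpolated into the SQL.
    $stmt = $db->prepare(
        "SELECT type, price, city FROM listings WHERE purpose = :purpose
         ORDER BY $order $method LIMIT :item"
    );
    $stmt->bindValue(':purpose', $purpose, PDO::PARAM_STR);
    $stmt->bindValue(':item', $item, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE listings (type TEXT, price INTEGER, city TEXT, purpose TEXT)");
$db->exec("INSERT INTO listings VALUES ('house', 300000, 'Porto', 'sale'),
                                       ('flat', 150000, 'Lisboa', 'sale')");

// Well-formed request: sorted by price, descending.
print_r(search($db, ['search_purpose' => 'sale', 'search_order' => 'price',
                     'search_ordermethod' => 'desc', 'item' => '5']));
// Malformed values (a stray quote, as in the advisory) fall back to the defaults.
print_r(search($db, ['search_purpose' => 'sale', 'search_order' => "type'",
                     'search_ordermethod' => "asc'", 'item' => "5'"]));
```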

References:

http://www.securityfocus.com/bid/31401
http://www.securityfocus.com/archive/1/archive/1/496744/100/0/threaded
http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/



Copyright 2024, cxsecurity.com