EMO Realty Manager remote SQL injection

2010.06.10
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Published: 2010-06-08
Vendor url: http://emophp.com
Price: 249$
Platform: Unix, Linux, Windows
Greetz to: Sid3^effects, aa_Numb, M4n0j and to all ICW members

########################################

DESCRIPTION:

EMO Realty Manager is a full PHP/MySQL content management system for property companies, real estate agents or FSBO site. Built using PHP and MySQL, this real estate website management tool allows for easy updates of properties with image upload, category management, listing management, custom usage statistics, mailing list management, easy to use advanced PHP template system and much more

Features:-

With EMO Realty Manager you can quickly build, manage, and publish real-estate property to your personal agent or company website. EMO Realty Manager software is easily administered, powerful, yet affordable for any budget. Even though the software is easy to use, help is right around the corner in the form of our tech support department. We are here to help you and answer your questions. EMO Realty Manager is an excellent solution to help you promote your online real estate presence. All the tools you need to increase sales and reflect your professional knowledge is built into EMO Realty Manager. With only a few keystrokes on your computer, your web site will be launched and...... the success will follow...

########################################

Vulnerability:

demo URL:- http://emophp.com/emorealty/googlemap/index.php?cat1=[Sqli]

########################################

References:

http://www.vupen.com/english/advisories/2010/1404
http://www.securityfocus.com/bid/40625
http://packetstormsecurity.org/1006-exploits/emorealtymanager-sql.txt
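For sites still running the affected script, the access log can be checked for requests that put anything other than a plain category value into `cat1`. The following is an added example, not part of the original advisory or the vendor's code; the allow-list pattern for legitimate `cat1` values and the Combined Log Format layout are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter name taken from the advisory's demo URL.
VULN_PATH = "/googlemap/index.php"
PARAM = "cat1"

# Assumption: legitimate category values are short alphanumeric IDs or slugs.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Assumption: Combined Log Format -> client IP ... "METHOD target PROTO" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_requests(log_lines):
    """Return (client_ip, status, decoded cat1 value) for requests to the
    affected script whose cat1 value falls outside the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(VULN_PATH):
            continue  # other scripts are out of scope for this check
        # parse_qs percent-decodes, so encoded quotes and spaces are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((ip, int(status), value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2010:10:00:01 +0000] "GET /emorealty/googlemap/index.php?cat1=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jun/2010:10:00:05 +0000] "GET /emorealty/googlemap/index.php?cat1=12%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Jun/2010:10:00:09 +0000] "GET /emorealty/googlemap/index.php?cat1=12+OR+1%3D1 HTTP/1.1" 200 48211',
    '192.0.2.10 - - [10/Jun/2010:10:00:12 +0000] "GET /emorealty/index.php?cat1=12%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} cat1={value!r}")
```

A hit paired with a 500 status or an unusually large 200 response is worth correlating with database error logs for the same timestamp.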



Copyright 2019, cxsecurity.com

 
