Rae Media INC Real Estate Single and Multi Agent System SQL Injection

2011.02.16
Credit: R4dc0re
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-4738
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7 1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1 3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3 3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3 7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7 1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ########################################## 7 1 I'm R4dc0re 1337 Member from 1337 DataBase 1 3 ########################################## 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 # Author: R4dc0re # Exploit Title: Rae Media INC Real Estate Single and Multi Agent System SQL injection Vulnerability # Date: 05-12-2010 # Vendor or Software Link: http://www.aliensoftcorp.com/ # Category:WebApp #Demo Link:http://www.realestatelakecountry.com #Version:3.0 #Price:300$ #Contact: R4dc0re@yahoo.fr #Website: www.1337db.com #Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members Submit Your Exploit at Submit@1337db.com ######################################################################################## [Product Detail] Developed it from the ground up, we are one of the original pioneers of this type of system and we have been copied many times over. Originally developed in 1999 and continuously upgraded to become one of most trusted, stable system available. Our real estate listing software has help hundreds of real estate agents, real estate offices, real estate listings portals and even private real estate sellers reach buyers and sellers and provide them with a professional looking and functioning listings database. The team at Rae Media can customize or develop a system to meet any requirements. Contact our sales team to discuss your requirements, toll free 1-877-700-6688 [Vulnerability] SQL Injection: Single Agent: http://www.realestatelakecountry.com/resulttype.asp?probe=[Code] Multi Agent: http://www.realestatelakecountry.com/multi/city.asp?probe=[Code] ########################################################################################

References:

http://www.securityfocus.com/bid/45212
http://www.securityfocus.com/bid/45211
http://secunia.com/advisories/42515
http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt
http://osvdb.org/69628
http://osvdb.org/69627


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top