Virtual Real Estate Manager 3.5 SQL Injection

2011-11-08 / 2011-11-09
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Name : Virtual Real Estate Manager V 3.5 SQLi Vulnerability Date : june, 9 2010 Vendor url :http://www.mckenziecreations.net/products.htm Platform: Windows Price:$39.95 Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_ greetz to :All ICW members. ############################################################################################################### Description: Looking for a Real Estate Listing script? Our Virtual Real Estate Manager was developed in ASP ( Active Server Pages ) and an Access database. End User Features : &#187; Search by Area and type of property &#187; Listings Page includes thumbnail of the property, Short Description, city, date added and price. &#187; Details Page includes - 4 thumbnails that open in a new window with larger view. Heading, Description of the property, Details of the property, email to a friend and request more info. Admin Features : &#187; Add, Edit and Delete Properties - upload images &#187; Add, Edit and Delete Categories &#187; Add, Edit and Delete Area &#187; Change Password VRM : Is delivered via a ZIP file. You receive this exact template with the application. Easy to customize with knowledge of html or one of the following: Design Requirements : Front page - Recommended * Macromedia Dreamweaver Configuration Requirements: Notepad WordPad ############################################################################################################### Xploit: SQLi Vulnerability DEMO URL: http://www.mckenziecreations.net/VRMdemo/listing_detail.asp?Lid=[SQLi] ############################################################################################################### # 0day no more # Sid3^effects

References:

http://xforce.iss.net/xforce/xfdb/59290
http://www.securityfocus.com/bid/40687
http://www.exploit-db.com/exploits/13789
http://secunia.com/advisories/40166
http://packetstormsecurity.org/1006-exploits/virtualrealestate-sql.txt
http://osvdb.org/65415


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top