2daybiz Real Estate Portal "viewpropertydetails.php" SQL injection

vendor:

Real Estate Portal

by:

Sangteamtham

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Real Estate Portal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: 2daybiz/realestate_portalscript

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

2daybiz Real Estate Portal “viewpropertydetails.php” SQL injection

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'viewpropertydetails.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the application, retrieve sensitive information from the database, modify data, or execute arbitrary code on the server.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz Real Estate Portal "viewpropertydetails.php" SQL injection
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/realestate_portalscript.html
$ Date :06/24/2010
$
$******************************************************************************************
$Exploit:
$
$ http://server/viewpropertydetails.php?id=[id number][SQL]
$
$ Greetz to: All Vietnamese hackers and Hackers out there researching for
more security
$
$
$--------------------------------------------------------------------------------------------------------------------