Bs Realtor_Web Script Sqli Vulnerability

vendor:

Realtor_Web Script

by:

Sid3^effects aKa HaRi

CVSS

HIGH

SQL Injection

CWE

Product Name: Realtor_Web Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Bs Realtor_Web Script Sqli Vulnerability

BrotherScripts Realtor_Web Script is vulnerable to SQL injection, allowing an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive data stored in the database, such as user credentials, or to modify data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :   Bs Realtor_Web Script Sqli Vulnerability
Date : july 5,2010
Critical Level 	: HIGH
vendor URL :http://www.brotherscripts.com/
Price:$24.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description : 
Get Your own professional, great designed Realtor Website at BrotherScripts. We are selling a fully created, professional software which allows real estate agents to create their own sales platform fast and easily. Home buyers can browse/search available properties for free. The listings of property are clearly detailed with features, photos, and driving directions linked to MapQuest.
#######################################################################################################
Xploit :SQli Vulnerability

DEMO URL 1:http://server/Realtor_Web/search.php?c=[sqli]

###############################################################################################################
# 0day no more 
# Sid3^effects