EMO Realty Manager SQLi Vulnerable

vendor:

EMO Realty Manager

by:

L0rd CrusAd3r aka VSN

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: EMO Realty Manager

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unix, Linux, Windows

2010

EMO Realty Manager SQLi Vulnerable

EMO Realty Manager is a full PHP/MySQL content management system for property companies, real estate agents or FSBO site. Built using PHP and MySQL, this real estate website management tool allows for easy updates of properties with image upload, category management, listing management, custom usage statistics, mailing list management, easy to use advanced PHP template system and much more. The vulnerability exists in the URL http://server/emorealty/googlemap/index.php?cat1=[Sqli], which is vulnerable to SQL injection.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:EMO Realty Manager SQLi Vulnerable
Published: 2010-06-08
Vendor url:http://emophp.com
Price:249$
Platform: Unix, Linux , Windows

Greetz to:Sid3^effects, aa_Numb, M4n0j and to all ICW members

#############################################################################################################################################################################

DESCRIPTION:

EMO Realty Manager is a full PHP/MySQL content management system for
property companies,
real estate agents or FSBO site. Built using PHP and MySQL, this real estate
website management tool allows for easy updates of properties with image
upload,
category management, listing management, custom usage statistics, mailing
list management, easy to use advanced PHP template system and much more

Features:-

With EMO Realty Manager you can quickly build, manage, and publish
real-estate property to your personal agent or company website.

EMO Realty Manager software is easily administered, powerful, yet affordable
for any budget.

Even though the software is easy to use, help is right around the corner in
the form of our tech support department. We are here to help you and answer
your questions.

EMO Realty Manager is an excellent solution to help you promote your online
real estate presence.

All the tools you need to increase sales and reflect your professional
knowledge is built into EMO Realty Manager. With only a few keystrokes on
your computer, your web site will be launched and...... the success will
follow...

###############################################################################################################################################################################

Vulnerability:

The following URL contains a SQLi vulnerable.

demo URL:-
http://server/emorealty/googlemap/index.php?cat1=[Sqli]

################################################################################################################################################################################

-- 
With R3gards,
L0rd CrusAd3r