header-logo
Suggest Exploit
vendor:
Viavi Real Estate
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Viavi Real Estate
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:viavilab:viavi_real_estate
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Viavi Real Estate – SQL Injection

Viavi Real Estate is prone to an SQL injection vulnerability. An attacker can exploit this issue by supplying malicious SQL statements to the vulnerable parameter. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user-supplied input to prevent malicious SQL code from being passed to the back-end database.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Viavi Real Estate - SQL Injection
# Google Dork: N/A
# Date: 12.02.2017
# Vendor Homepage: http://viavilab.com/
# Software Buy: https://codecanyon.net/item/viavi-real-estate/11217313
# Demo: http://viavilab.com/codecanyon/real_estate_demo/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/property-detail.php?pid=[SQL]
# http://localhost/[PATH]/buysalerent.php?sort=[SQL]
# Etc..
# # # # #

Navigation

Suggest Exploit

Services By CQR