iRealty PHP Real Estate Script SQL Injection

2010-06-09T00:00:00
ID PACKETSTORM:90429
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-06-09T00:00:00

Description

                                        
                                            `Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: iRealty PHP Real Estate Script PHP Script SQLi Vulnerable  
Published: 2010-06-08  
Vendor url:http://www.worksforweb.com  
Greetz to:Sid3^effects, MaYur, M4n0j and to all ICW members  
  
#############################################################################################################################################################################  
  
DESCRIPTION:  
  
iRealty Real Estate Script is a SEO-friendly realty PHP script with multi-language user interface.   
Key features: videos and images for listings, great listing search and browsing features, multiple listing types (houses, apartments, businesses);   
user groups with profiles;   
flexible membership plans system and rich advertising opportunities;   
convenient billing and payment management;   
customizable templates and themes and powerful built-in CMS.  
  
###############################################################################################################################################################################  
  
Vulnerability:  
  
Here you can test the administrative area of iRealty real estate listing script.  
  
Use the following info to login:  
  
Username: demo  
Password: demo  
  
demo URL:-  
  
http://www.irealtysoft.com/demo/admin/edit_user_group/?sid=[sqli]  
  
################################################################################################################################################################################  
`