Landshop Real Estate Commerce System Vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/landshop-real-estate-commerce-system.html
Vendor: http://www.landshop.gr/en/index.htm
Affected version: 0.6.3 and prior

Product Description:
LandShop is a free system for presentation and sales of real estate through the internet. It offers:
- PDF generation on the fly for administrators and visitors
- creation of wishlists for visitors that can be sent by email
- multi-language capabilities: English, French, Spanish, German and Greek preinstalled
- Support for Google maps
- Currency conversion
- Extensive configuration options for administrators
- Multiple users and user levels (administrator, operator)

Vuln. description:
Input passed to the "start", "search_order", "search_type", "search_area" and "keyword" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Also, input passed to the "lang" parameter in "ls.php" isn't properly sanitised, so an attacker can obtain full path disclosure.

Solution: Edit the source code to ensure that input is properly sanitised.
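
One way to apply that fix to the parameters listed above, as an added example that is not LandShop's code and not part of the original advisory. The table, column names, allow-lists and the assumption that "search_type" and "search_area" are numeric ids are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-lists and schema: the advisory does not show LandShop's own.
const ORDER_COLUMNS = ['price' => 'price', 'area' => 'area', 'date' => 'created'];
const LANGUAGES = ['en', 'fr', 'es', 'de', 'el'];

/** Reduce the request parameters named in the advisory to known-safe values. */
function clean_params(array $in): array
{
    $int = fn($v) => filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0], 'flags' => FILTER_NULL_ON_FAILURE]);
    $str = fn($v) => is_string($v) ? $v : '';
    $lang = $str($in['lang'] ?? 'en');
    return [
        'start'   => $int($in['start'] ?? 0) ?? 0,
        // Column names cannot be bound, so map the request value through an allow-list.
        'order'   => ORDER_COLUMNS[$str($in['search_order'] ?? '')] ?? 'created',
        'type'    => $int($in['search_type'] ?? null),   // assumed to be numeric ids
        'area'    => $int($in['search_area'] ?? null),
        'keyword' => substr($str($in['keyword'] ?? ''), 0, 64),
        // An unknown language falls back to a default instead of reaching a file path.
        'lang'    => in_array($lang, LANGUAGES, true) ? $lang : 'en',
    ];
}

/** Run the search with every value bound; only validated pieces are concatenated. */
function search(PDO $db, array $p): array
{
    $where = ['title LIKE :kw'];
    $args  = [':kw' => '%' . $p['keyword'] . '%'];
    foreach (['type' => 'type_id', 'area' => 'area_id'] as $key => $col) {
        if ($p[$key] !== null) { $where[] = "$col = :$key"; $args[":$key"] = $p[$key]; }
    }
    $sql = 'SELECT id, title FROM listings WHERE ' . implode(' AND ', $where)
         . " ORDER BY {$p['order']} LIMIT 20 OFFSET " . $p['start'];
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo: in-memory database and a request carrying malformed values.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT, type_id INT, area_id INT, price INT, area INT, created TEXT)');
$db->exec("INSERT INTO listings (title, type_id, area_id, price, area, created) VALUES ('Sea view flat', 1, 2, 90000, 80, '2005-12-01')");
$p = clean_params(['start' => "0'", 'search_order' => 'price; --', 'search_type' => '1 OR 1=1', 'keyword' => "flat' OR '1'='1", 'lang' => '../x']);
var_dump($p, search($db, $p), search($db, clean_params(['keyword' => 'flat', 'search_order' => 'price'])));
```

Disabling display_errors in production additionally keeps PHP warnings, which can include absolute file paths, out of responses.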