Relative Real Estate Systems SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html Vendor:http://www.dboorn.com/estate/ affected version:1.02 and prior
Product Description: Elegant real estate script that allows for unlimited listings and agents with featured listings, unlimited photos, advanced search engine, user login option, user tracking, dynamic slide shows, Mls/Idx support, multiple agents with photo, mortgage calculator, schools info, C.M.A. request form, full admin panel, much more...
Vuln. description: Input passed to the "mls" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
example: /index.php?name=&price_from=&price_to= &city=&state=SC&mls=[SQL]&bathroom=-1 &bedrooms=-1&go=search&results=1
Solution: Edit the source code to ensure that input is properly sanitised.