iRealty PHP Real Estate Script PHP Script SQL injection Vulnerability

2010-06-08T00:00:00
ID 1337DAY-ID-12420
Type zdt
Reporter L0rd CrusAd3r
Modified 2010-06-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================================
iRealty PHP Real Estate Script PHP Script SQL injection Vulnerability
=====================================================================


Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title: iRealty PHP Real Estate Script PHP Script SQLi Vulnerable
Published: 2010-06-08
Vendor url:http://www.worksforweb.com
Greetz to:Sid3^effects, MaYur, M4n0j and to all ICW members

#############################################################################################################################################################################

DESCRIPTION:

iRealty Real Estate Script is a SEO-friendly realty PHP script with multi-language user interface.
Key features: videos and images for listings, great listing search and browsing features, multiple listing types (houses, apartments, businesses);
user groups with profiles;
flexible membership plans system and rich advertising opportunities;
convenient billing and payment management;
customizable templates and themes and powerful built-in CMS.

###############################################################################################################################################################################

Vulnerability:

Here you can test the administrative area of iRealty real estate listing script.

Use the following info to login:

Username: demo
Password: demo

demo URL:-

http://www.irealtysoft.com/demo/admin/edit_user_group/?sid=[sqli]
-- 
With R3gards,
L0rd CrusAd3r



#  0day.today [2018-01-04]  #