Simple to Use Property Management System SQLi & XSS Vulnerability

2010-06-09T00:00:00
ID 1337DAY-ID-12605
Type zdt
Reporter L0rd CrusAd3r
Modified 2010-06-09T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================================
Simple to Use Property Management System SQLi & XSS Vulnerability
=================================================================

Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title: Simple to Use Property Management System SQLi & XSS Vulnerability
Version:n/a
Platform:Linux, Windows
Price:12$
Vendor url:http://mypropertysite.biz
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue??, S1ayer,d3c0d3r and to all ICW members

#####################################################################################################################################################################################################

Description:

The system is hosted on my server and you will be given unlimited support either by telephone, email or using Crossloop the live support? tool.
This property management system will allow you to add unlimited properties to you site plus unlimited pages very easily using your home or office PC.
You can add unlimited pictures to each listing and also the images are resized while being uploaded.
All images are watermarked with your logo so anyone lifting them off the site cant use them without showing off your logo.
The system allows you to add and edit locations ie suburbs plus you can add any type of property you need and it is all done very easily using the passworded admin section.
I have built this system with the advise of people who own my previous property management systems.
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability


DEMO URL :http://mypropertysite.biz/showproperty.php?id=[SQLi]


*XSS Vulnerability

Pattern:'"--><script>alert(0x000872)</script>


DEMO URL :http://mypropertysite.biz/showproperty.php?id=[XSS]



#  0day.today [2018-01-08]  #