Real Estates Property CMS 2012 - Multiple Web Vulnerabilities

2012-05-02T00:00:00
ID 1337DAY-ID-18180
Type zdt
Reporter Benjamin K.M.
Modified 2012-05-02T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Title:
======
Real Estates Property CMS 2012 - Multiple Web Vulnerabilities

Introduction:
=============
Real Estate property is an online real-estate service committed to helping you make wise and profitable 
decisions related to buying, selling, renting and leasing of properties, in India and key global geographies. 
It will provide a fresh new approach to our esteemed users to search for properties to buy or rent, and 
list their properties for selling or leasing.

(Copy of the Vendor Homepage:  http://www.gharwhar.com)

Details:
========
1.1
A remote SQL Injection vulnerability is detected on Real Estates property website cms 2012 Q2.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands 
on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.

Vulnerable Module(s):
			[+] Project-Shree_Balaji_-Ahmedabad-4
			[+] property_listings_detail.php?listingid=12[
			[+] my_account_edit_builder_project.php?id=37%27
			[+] my_account_view_builder_project.php?id=37


--- SQL Exception Logs ---
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version 
for the right syntax to use near \\\\\\\'Approved\\\\\\\' AND proj_featured=\\\\\\\'yes\\\\\\\'\\\\\\\' at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version 
for the right syntax to use near  Approved  AND proj_featured= yes  at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version 
for the right syntax to use near  37  at line 1

1.2
A persistent input validation vulnerabilities are detected Real Estates property website cms 2012 Q2.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) 
context manipulation. Exploitation requires low user inter action.
                                       
Vulnerable Module(s):
			[+] Create Object - Project Name / Title/Short Description/Project TypeProject Location / Address/Contact Person/Address

					
1.3 Arbiritrary File Upload
Arbitrary file upload vulnerability allows the attacker to upload different files that aren\\\\\\\'t images or pdf. The attacker can upload these files after, he/she remans them to file.php%00.jpg. The null byte get truncated and the the file file.php get uploaded 

Vulnerable Module(s):
			[+] Property Details - uploading propertied photos
			[+] add profile photo



#  0day.today [2018-02-17]  #