Real Estate – SQL Injection

  • Author: L0rd CrusAd3r
    Date: 2010-06-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/13897/
  • Description
    
    Linux and Windows versions available:
    This software is available in both Windows and Linux versions. It runs on ASP
    and PHP.
    
    Listings:
    We can add unlimited property listings, each with a property photo. The system
    automatically creates three thumbnail photos of the property, which are
    displayed on the listing search results page, the view details page and the
    view full image size page.
    
    Listing Options:
    When viewing a property, the visitor can contact the listing poster and also
    send a "Tell a Friend" note to friends. Visitors can easily go to the
    print page, where they can print a printer-friendly version.
    
    Search Facility:
    Our system search is very simple. Visitors can give the min. and max.
    price, address, etc. and search the listings.
    
    Featured Properties:
    Four newly added listings will be displayed in the featured properties list.
    You can copy and paste this code anywhere in your page to display the
    result. A sample of the code is included in the user home page.
    
    Newsletter Signup:
    Visitors can sign up for the newsletter by just filling in their name and
    email address. The system only adds new emails and notifies visitors if
    their email is already in the system database.
    
    Listing Control:
    Admin and agents can log in to the system and manage the listings. Admin can
    edit/delete all listings, while agents can only modify their own links.
    
    Newsletter Manager:
    The admin panel has a full-featured mailing list newsletter manager. Admin can
    create unlimited mailing lists and add unlimited email addresses to each
    mailing list. The system can send email in both HTML and plain format. Admin can
    preview emails before sending them.
    
    Email settings:
    Admin can easily set up emails such as the forgotten password email, subscription and
    unsubscription emails, photo approved email, photo upload alert email and
    many more.
    
    Easy Setup:
    Setting up this software is very easy. Just unzip the files and upload them to
    your server, then set one file and you are ready to go.
    
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    
    Vulnerability:
    
    *SQLi Vulnerability
    
    DEMO URL :
    
    http://[site]/realestate/list.asp?agent=[sqli]
    
    http://[site]/realestate/viewphoto.asp?id=[sqli]
    
    
    # 0day n0 m0re #
    # L0rd CrusAd3r #
    
    
    -- 
    With R3gards,
    L0rd CrusAd3r
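
A log check for the two parameters named above, added here as an example and not part of the original advisory or the vendor's code. It assumes `agent` and `id` are plain numeric identifiers (the advisory does not say so) and runs over constructed IIS W3C-style log lines with a hypothetical field layout.

```python
import re
from urllib.parse import parse_qs

# Endpoint -> parameter named in the advisory (paths compared case-insensitively, as IIS does).
WATCHED = {
    "/realestate/list.asp": "agent",
    "/realestate/viewphoto.asp": "id",
}
# Assumption (not stated in the advisory): both parameters are plain numeric ids.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")

# Constructed sample: date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-06-16 10:00:01 GET /realestate/list.asp agent=12 192.0.2.10 200
2010-06-16 10:00:05 GET /realestate/viewphoto.asp id=7%27 192.0.2.44 500
2010-06-16 10:00:09 GET /RealEstate/List.asp Agent=12%27 192.0.2.44 200
2010-06-16 10:00:12 GET /realestate/search.asp min=1000 192.0.2.10 200
2010-06-16 10:00:15 GET /realestate/viewphoto.asp id=7&id=8%3B 192.0.2.44 200
"""

def suspicious_requests(log_text):
    """Return (client_ip, path, param, value) for watched parameters that are not numeric ids."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # blank line or W3C directive
        fields = line.split()
        if len(fields) != 7:
            continue  # does not match the assumed layout; skipped
        _date, _time, _method, stem, query, client_ip, _status = fields
        param = WATCHED.get(stem.lower())
        if param is None:
            continue  # not one of the two endpoints from the advisory
        # parse_qs percent-decodes values and keeps every repetition of a parameter.
        for key, values in parse_qs(query, keep_blank_values=True).items():
            if key.lower() != param:  # ASP query-string names are case-insensitive
                continue
            for value in values:
                if not NUMERIC_ID.fullmatch(value):
                    hits.append((client_ip, stem, param, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same allow-list (digits only) is what the pages themselves should enforce before the value reaches a query, together with parameterized queries.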