
Real Estate SQL Injection Vulnerability



EDB-ID: 13897 CVE: N/A OSVDB-ID: N/A
Author: L0rd CrusAd3r Published: 2010-06-16 Verified: Verified

Description

Linux and Windows versions available:
This software is available in both Windows and Linux versions. It runs on
ASP and PHP extensions.

Listings:
We can add unlimited property listings, each with a property photo. The
system automatically creates three thumbnail photos of the property, which
are displayed in the listing search results, the view details page and the
view full image size page.

Listing Options:
Once viewing a property, the visitor can contact the listing poster and also
send a "Tell a Friend" note to friends. Visitors can easily go to the print
page, where they can print the printer-friendly page.

Search Facility:
Our system's search is very simple. Visitors can give the min. and max.
price, address, etc. and search the listings.

Featured Properties:
The four newly added listings are displayed in the featured properties list.
You can copy and paste this code anywhere in your page to display the
result. A sample of the code is included in the user home page.

Newsletter Signup:
Visitors can sign up to the newsletter by just filling in their name and
email address. The system only adds new emails and notifies visitors if
their email is already in the system database.

Listing Control:
Admin and agents can log in to the system and manage the listings. Admin can
edit/delete all listings, while agents can only modify their own links.

Newsletter Manager:
The admin panel has a full-featured mailing list newsletter manager. Admin
can create unlimited mailing lists and add unlimited email addresses to each
mailing list. The system can send email in both HTML and plain format. Admin
can preview emails before sending them.

Email settings:
Admin can easily set the emails, such as the forgot-password email,
subscription and unsubscription emails, photo approved email, photo upload
alert email and many more.

Easy Setup:
Setting up this software is very easy. Just unzip the files and upload them
to your server, then set one file and you are ready to go.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://[site]/realestate/list.asp?agent=[sqli]

http://[site]/realestate/viewphoto.asp?id=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r
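
For defenders running this application, the sketch below scans an IIS W3C access log for requests to the two endpoints named above whose `agent` or `id` value is not a plain integer. It is an added example, not part of the original advisory or the vendor's code. It assumes that both parameters are numeric record ids and that the application is installed under `/realestate/`. The log lines are constructed samples.

```python
import re
from urllib.parse import parse_qsl

# Endpoint -> parameter, as listed in the advisory's demo URLs.
WATCHED = {"/realestate/list.asp": "agent", "/realestate/viewphoto.asp": "id"}
# Assumption: both parameters carry numeric record ids.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")

def check_request(stem, query):
    """Return why a request looks like parameter tampering, or None if clean."""
    param = WATCHED.get(stem.lower())
    if param is None or query == "-":
        return None
    values = [v for k, v in parse_qsl(query, keep_blank_values=True)
              if k.lower() == param]
    if len(values) > 1:
        # Classic ASP joins repeated parameters with ", " before the code sees them.
        return f"{param} repeated {len(values)} times"
    for value in values:
        if not NUMERIC_ID.fullmatch(value):
            return f"{param} is not a plain integer: {value!r}"
    return None

def scan_w3c_log(lines):
    """Yield (client_ip, stem, reason) for flagged entries in an IIS W3C log."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        reason = check_request(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-"))
        if reason:
            yield row.get("c-ip", "?"), row["cs-uri-stem"], reason

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-06-17 09:14:02 GET /realestate/list.asp agent=12 192.0.2.10 200
2010-06-17 09:14:40 GET /realestate/viewphoto.asp id=7%27 198.51.100.23 500
2010-06-17 09:15:03 GET /realestate/List.asp agent=3&agent=4 198.51.100.23 200
2010-06-17 09:15:31 GET /realestate/viewphoto.asp id=%2531 198.51.100.23 200
2010-06-17 09:16:10 GET /realestate/search.asp q=villa 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, reason in scan_w3c_log(SAMPLE_LOG):
        print(ip, stem, reason)
```

The same allowlist (digits only, one value per parameter) is the check to enforce server-side before the value reaches any query, alongside parameterized queries.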