EMO Realty Manager - SQL Injection

EDB-ID: 13771
CVE: N/A
Platform: PHP
Date: 2010-06-08

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: EMO Realty Manager SQLi Vulnerable
Published: 2010-06-08
Vendor URL: http://emophp.com
Price: 249$
Platform: Unix, Linux, Windows

Greetz to: Sid3^effects, aa_Numb, M4n0j and to all ICW members

#############################################################################################################################################################################

DESCRIPTION:

EMO Realty Manager is a full PHP/MySQL content management system for
property companies, real estate agents or FSBO site. Built using PHP and
MySQL, this real estate website management tool allows for easy updates of
properties with image upload, category management, listing management,
custom usage statistics, mailing list management, easy to use advanced PHP
template system and much more.

Features:-

With EMO Realty Manager you can quickly build, manage, and publish
real-estate property to your personal agent or company website.

EMO Realty Manager software is easily administered, powerful, yet affordable
for any budget.

Even though the software is easy to use, help is right around the corner in
the form of our tech support department. We are here to help you and answer
your questions.

EMO Realty Manager is an excellent solution to help you promote your online
real estate presence.

All the tools you need to increase sales and reflect your professional
knowledge are built into EMO Realty Manager. With only a few keystrokes on
your computer, your web site will be launched and...... the success will
follow...

###############################################################################################################################################################################

Vulnerability:

The cat1 parameter of the following URL is vulnerable to SQL injection.

demo URL:-
http://server/emorealty/googlemap/index.php?cat1=[Sqli]
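
Detection example (added here, not part of the original advisory or the vendor's code): a scan of web access logs for requests to googlemap/index.php whose cat1 value is not a plain integer. It assumes Common/Combined Log Format and that legitimate cat1 values are numeric category IDs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = "/googlemap/index.php"   # script named in the advisory
PARAM = "cat1"                       # parameter named in the advisory
# Assumption: legitimate cat1 values are plain integer category IDs.
SAFE_VALUE = re.compile(r"\d{1,10}")
# Request line of a Common/Combined Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_values(log_line):
    """Return the cat1 values in one access-log line that are not plain integers."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Match the script wherever the application is installed.
    if not url.path.lower().endswith(VULN_PATH):
        return []
    # parse_qs decodes once and keeps every repeat of the parameter;
    # unquote decodes again so double-encoded input is judged on its final form.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    decoded = [unquote(v) for v in values]
    return [v for v in decoded if not SAFE_VALUE.fullmatch(v)]

def scan(lines):
    """Return (line_number, client_ip, flagged_values) for each suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        flagged = suspicious_values(line)
        if flagged:
            hits.append((number, line.split(" ", 1)[0], flagged))
    return hits

# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jun/2010:10:00:01 +0000] "GET /emorealty/googlemap/index.php?cat1=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jun/2010:10:00:05 +0000] "GET /emorealty/googlemap/index.php?cat1=4%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [08/Jun/2010:10:00:09 +0000] "GET /emorealty/googlemap/index.php?cat1=4&cat1=4%2527 HTTP/1.1" 200 312',
    '192.0.2.10 - - [08/Jun/2010:10:00:12 +0000] "GET /emorealty/index.php?cat1=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits from this scan show probing, not a successful injection; correlate them with response sizes and database logs before drawing conclusions.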

################################################################################################################################################################################

-- 
With R3gards,
L0rd CrusAd3r