EMO Realty Manager - SQL Injection

EDB-ID:

13771

CVE:

N/A




Platform:

PHP

Date:

2010-06-08


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:EMO Realty Manager SQLi Vulnerable
Published: 2010-06-08
Vendor url:http://emophp.com
Price:249$
Platform: Unix, Linux , Windows

Greetz to:Sid3^effects, aa_Numb, M4n0j and to all ICW members

#############################################################################################################################################################################

DESCRIPTION:

EMO Realty Manager is a full PHP/MySQL content management system for
property companies,
real estate agents or FSBO site. Built using PHP and MySQL, this real estate
website management tool allows for easy updates of properties with image
upload,
category management, listing management, custom usage statistics, mailing
list management, easy to use advanced PHP template system and much more

Features:-

With EMO Realty Manager you can quickly build, manage, and publish
real-estate property to your personal agent or company website.

EMO Realty Manager software is easily administered, powerful, yet affordable
for any budget.

Even though the software is easy to use, help is right around the corner in
the form of our tech support department. We are here to help you and answer
your questions.

EMO Realty Manager is an excellent solution to help you promote your online
real estate presence.

All the tools you need to increase sales and reflect your professional
knowledge is built into EMO Realty Manager. With only a few keystrokes on
your computer, your web site will be launched and...... the success will
follow...

###############################################################################################################################################################################

Vulnerability:

The following URL contains a SQLi vulnerable.

demo URL:-
http://server/emorealty/googlemap/index.php?cat1=[Sqli]

################################################################################################################################################################################

-- 
With R3gards,
L0rd CrusAd3r