Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20608
HistorySep 29, 2008 - 12:00 a.m.

SQL Injection in EasyRealtorPRO 2008

2008-09-2900:00:00
vulners.com
28
JSON

Original article:
http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/

"EasyRealtorPRO 2008 provides you with all features you need to setup
your own business oriented real estate website on your own domain
name. Our support team will install the script on your server and then
you can start selling packages to home sellers at ease." in vendor
website easyrealtorpro.com

This PHP script is vulnerable to SQL Injection in site_search.php file.

Manipulating the unfiltred variables, a user can execute SQL commands
to gather other information. The problem is located under the
variables item, search_ordermethod and search_order.

Proof of concept:

site_search.php?search_purpose=sale&search_type=&
search_price_min=&search_price_max=&search_bedroom=1&
search_bathroom=1&search_city=&search_state=&
search_zip=&search_radius=&search_country=&
search_order=type&search_ordermethod=asc&page=2&
item=5'SQL INJECTION

site_search.php?search_purpose=sale&search_type=&
search_price_min=&search_price_max=&search_bedroom=1&
search_bathroom=1&search_city=&search_state=&
search_zip=&search_radius=&search_country=&
search_order=type&search_ordermethod=asc'SQL INJECTION&
page=2&item=5

site_search.php?search_purpose=sale&search_type=&
search_price_min=&search_price_max=&search_bedroom=1&
search_bathroom=1&search_city=&search_state=&
search_zip=&search_radius=&search_country=&
search_order=type'SQL INJECTION&search_ordermethod=asc&
page=2&item=5

Solution: The vendor was contacted 2 weeks ago and still not reply to
my email. It can be fixed with the sanitize of the variables.

JSON