by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

Landshop Real Estate Commerce System Vuln.

Vuln. discovered by: r0t
Date: 5 dec. 2005
Vendor: http://www.landshop.gr/en/index.htm
affected version: 0.6.3 and prior

Product Description:
LandShop is a free system for presentation and sales of real estate through the internet. It offers:
- PDF generation on the fly for administrators and visitors
- creation of wishlists for visitors that can be sent by email
- multi-language capabilities: English, French, Spanish, German and Greek preinstalled
- Support for Google maps
- Currency conversion
- Extensive configuration options for administrators
- Multiple users and user levels (administrator, operator)


Vuln. description:
Input passed to the "start", "search_order", "search_type", "search_area" and "keyword" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Also, input passed to the "lang" parameter in "ls.php" isn't properly sanitised; an attacker can get a full path disclosure.

example:
/ls.php?lang=en&action=list&start=[SQL]

/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=&search_type=&infield=&search_order=[SQL]

/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=&search_type=[SQL]

/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=[SQL]

/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=&search_area=[SQL]



/ls.php?lang=[CODE]


Solution:
Edit the source code to ensure that input is properly sanitised.
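
One way to apply this to the parameters listed above, as an added example that is not LandShop's own code: allowlists for "lang" and "search_order", an integer check for "start", and bound parameters for "keyword", "search_area" and "search_type". The function name, the language codes other than "en", and the table and column names are assumptions, since the advisory does not show the application's source or schema.

```php
<?php
// Added example, not LandShop code. Table and column names are hypothetical.
const LANGS  = ['en', 'fr', 'es', 'de', 'el'];            // assumed language codes
const ORDERS = ['price' => 'price', 'date' => 'created']; // request value => column

function ls_list(PDO $db, array $q): array
{
    // Accept only string values; arrays (e.g. keyword[]=x) would otherwise raise warnings.
    $s = fn(string $k): string => is_string($q[$k] ?? null) ? $q[$k] : '';

    // lang: allowlist; an unexpected value is replaced by a default, never used further.
    $lang = in_array($s('lang'), LANGS, true) ? $s('lang') : 'en';
    // start: digits only, otherwise 0.
    $start = preg_match('/^\d{1,9}\z/', $s('start')) ? (int) $s('start') : 0;
    // search_order: identifiers cannot be bound, so map the value through an allowlist.
    $order = ORDERS[$s('search_order')] ?? 'created';

    // keyword, search_area, search_type: bound as parameters, never concatenated.
    $where  = ['lang = :lang'];
    $params = [':lang' => $lang];
    if ($s('keyword') !== '') {
        $where[] = "title LIKE :kw ESCAPE '!'";
        $params[':kw'] = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s('keyword')) . '%';
    }
    foreach (['search_area' => 'area', 'search_type' => 'type'] as $name => $col) {
        if ($s($name) !== '') {
            $where[] = "$col = :$col";
            $params[":$col"] = $s($name);
        }
    }
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE ' . implode(' AND ', $where)
        . " ORDER BY $order LIMIT 10 OFFSET :start");
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_STR);
    }
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo on an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, lang, title, area, type, price, created)');
$db->exec("INSERT INTO listings VALUES (1, 'en', 'Sea view flat', 'Athens', 'flat', 100, '2005-12-01')");
// Constructed malformed request: bad values fall back to defaults or are bound as data.
$bad = ['lang' => '../x', 'start' => "0'", 'search_order' => 'id--', 'search_area' => "Athens'"];
echo count(ls_list($db, ['lang' => 'en', 'keyword' => 'sea'])), ' ', count(ls_list($db, $bad)), "\n";
```

Turning `display_errors` off in production and logging PHP warnings instead also keeps file-system paths out of responses when an unexpected value does slip through.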

1 Comments:

Anonymous Anonymous told...

Hi, who can customize LANDSHOP in my web site? I need it urgently,

Best regards,

Henry
aromazla@hotmail.com

1:15 AM

Copyright (c) 2006 Pridels Sec Crew