by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

Relative Real Estate Systems SQL inj. vuln.

Vuln. discovered by: r0t
Date: 5 Dec. 2005
Vendor: http://www.dboorn.com/estate/
Affected version: 1.02 and prior

Product Description:
Elegant real estate script that allows for unlimited listings and agents with featured listings, unlimited photos, advanced search engine, user login option, user tracking, dynamic slide shows, Mls/Idx support, multiple agents with photo, mortgage calculator, schools info, C.M.A. request form, full admin panel, much more...

Vuln. description:
Input passed to the "mls" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Example:
/index.php?name=&price_from=&price_to=&city=&state=SC&mls=[SQL]&bathroom=-1&bedrooms=-1&go=search&results=1

Solution:
Edit the source code to ensure that input is properly sanitised.
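
One way to apply this fix to the "mls" search parameter, shown as an added example that is not the vendor's code. The table, column names and MLS number format are assumptions, and an in-memory SQLite database stands in for the product's database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the product's listings table.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE listings (mls TEXT, city TEXT, state TEXT)');
    $db->exec("INSERT INTO listings VALUES ('A1001','Columbia','SC'), ('A1002','Aiken','SC')");
    return $db;
}

// Allow-list check. Assumption: MLS numbers are 1-20 letters, digits or hyphens.
function valid_mls(string $mls): bool {
    return preg_match('/\A[A-Za-z0-9-]{1,20}\z/', $mls) === 1;
}

// The mls value is bound as a parameter, so it is never part of the SQL text.
function search_listings(PDO $db, string $state, string $mls): array {
    if ($mls !== '' && !valid_mls($mls)) {
        return [];  // reject malformed input instead of trying to clean it
    }
    $sql = 'SELECT mls, city FROM listings WHERE state = :state';
    $params = [':state' => $state];
    if ($mls !== '') {          // an empty mls means "no filter", as in the search form
        $sql .= ' AND mls = :mls';
        $params[':mls'] = $mls;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_demo_db();
// Constructed inputs, as they would arrive in $_GET['mls'].
foreach (['A1001', '', "A1001'", 'A1001; --'] as $mls) {
    $rows = search_listings($db, 'SC', $mls);
    printf("mls=%-14s -> %d row(s)\n", var_export($mls, true), count($rows));
}
```

The bound parameter is what closes the injection; the allow-list check is a second layer that rejects malformed values before the query runs.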

Copyright (c) 2006 Pridels Sec Crew