Real Estates Property CMS 2012 - Multiple Web Vulnerabilities



EKU-ID: 2047 CVE: OSVDB-ID:
Author: expku Published: 2012-05-03 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


Title:
======
Real Estates Property CMS 2012 - Multiple Web Vulnerabilities

Introduction:
=============
Real Estate property is an online real-estate service committed to helping you make wise and profitable
decisions related to buying, selling, renting and leasing of properties, in India and key global geographies.
It will provide a fresh new approach to our esteemed users to search for properties to buy or rent, and
list their properties for selling or leasing.

(Copy of the Vendor Homepage:  http://www.gharwhar.com)

Details:
========
1.1
A remote SQL Injection vulnerability is detected on Real Estates property website cms 2012 Q2.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands
on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.

Vulnerable Module(s):
[+] Project-Shree_Balaji_-Ahmedabad-4
[+] property_listings_detail.php?listingid=12[
[+] my_account_edit_builder_project.php?id=37%27
[+] my_account_view_builder_project.php?id=37


--- SQL Exception Logs ---
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near \\\\\\\'Approved\\\\\\\' AND proj_featured=\\\\\\\'yes\\\\\\\'\\\\\\\' at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near  Approved  AND proj_featured= yes  at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near  37  at line 1

1.2
A persistent input validation vulnerabilities are detected Real Estates property website cms 2012 Q2.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent)
context manipulation. Exploitation requires low user inter action.
                                      
Vulnerable Module(s):
[+] Create Object - Project Name / Title/Short Description/Project TypeProject Location / Address/Contact Person/Address


1.3 Arbiritrary File Upload
Arbitrary file upload vulnerability allows the attacker to upload different files that aren\\\\\\\'t images or pdf. The attacker can upload these files after, he/she remans them to file.php%00.jpg. The null byte get truncated and the the file file.php get uploaded

Vulnerable Module(s):
[+] Property Details - uploading propertied photos
[+] add profile photo