Title:
======
Real Estates Property CMS 2012 - Multiple Web Vulnerabilities
Introduction:
=============
Real Estate property is an online real-estate service committed to helping you make wise and profitable
decisions related to buying, selling, renting and leasing of properties, in India and key global geographies.
It will provide a fresh new approach to our esteemed users to search for properties to buy or rent, and
list their properties for selling or leasing.
(Copy of the Vendor Homepage: http://www.gharwhar.com)
Details:
========
1.1
A remote SQL Injection vulnerability is detected on Real Estates property website cms 2012 Q2.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands
on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.
Vulnerable Module(s):
[+] Project-Shree_Balaji_-Ahmedabad-4
[+] property_listings_detail.php?listingid=12[
[+] my_account_edit_builder_project.php?id=37%27
[+] my_account_view_builder_project.php?id=37
--- SQL Exception Logs ---
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near \\\\\\\'Approved\\\\\\\' AND proj_featured=\\\\\\\'yes\\\\\\\'\\\\\\\' at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near Approved AND proj_featured= yes at line 1
-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near 37 at line 1
1.2
A persistent input validation vulnerabilities are detected Real Estates property website cms 2012 Q2.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent)
context manipulation. Exploitation requires low user inter action.
Vulnerable Module(s):
[+] Create Object - Project Name / Title/Short Description/Project TypeProject Location / Address/Contact Person/Address
1.3 Arbiritrary File Upload
Arbitrary file upload vulnerability allows the attacker to upload different files that aren\\\\\\\'t images or pdf. The attacker can upload these files after, he/she remans them to file.php%00.jpg. The null byte get truncated and the the file file.php get uploaded
Vulnerable Module(s):
[+] Property Details - uploading propertied photos
[+] add profile photo