CVE-2008-4328

EasyRealtorPRO 2008 - SQL Injection via site_search.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4328. PoCs published by David Sopas.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in EasyRealtorPRO by manipulating the 'item', 'search_ordermethod', and 'search_order' parameters in the 'site_search.php' script. The PoC provides multiple URLs with injected SQL payloads, showing how unsanitized input can compromise the application.

Description

SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by David Sopas · textwebappsphp

https://www.exploit-db.com/exploits/32418

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in EasyRealtorPRO by manipulating the 'item', 'search_ordermethod', and 'search_order' parameters in the 'site_search.php' script. The PoC provides multiple URLs with injected SQL payloads, showing how unsanitized input can compromise the application.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: EasyRealtorPRO

No auth needed

Prerequisites: Access to the vulnerable 'site_search.php' endpoint

MITRE ATT&CK