CVE-2008-4674

Conkurent Real Estate Manager 1.01 - SQL Injection via cat_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4674. PoCs published by CraCkEr.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Real Estate Manager software, allowing an attacker to extract admin credentials via a crafted GET request. The PoC includes live demo URLs and a clear payload for data exfiltration.

Description

SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/6599

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Real Estate Manager software, allowing an attacker to extract admin credentials via a crafted GET request. The PoC includes live demo URLs and a clear payload for data exfiltration.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Real Estate Manager (version unspecified)

No auth needed

Prerequisites: Target application with vulnerable parameter (cat_id) · Network access to the target

MITRE ATT&CK