CVE-2008-6011

SG Real Estate Portal 2.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6011. PoCs published by SirGod, Stack.

AI-analyzed exploit summary The exploit demonstrates Local File Inclusion (LFI) and Blind SQL Injection vulnerabilities in SG Real Estate Portal 2.0. It provides multiple PoC URLs with parameter manipulation techniques to exploit these vulnerabilities.

Description

SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6631

View Code ZIP pw:eip

The exploit demonstrates Local File Inclusion (LFI) and Blind SQL Injection vulnerabilities in SG Real Estate Portal 2.0. It provides multiple PoC URLs with parameter manipulation techniques to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SG Real Estate Portal 2.0

No auth needed

Prerequisites: Access to the target application · Knowledge of vulnerable parameters

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Stack · phpwebappsphp

https://www.exploit-db.com/exploits/6634

View Code ZIP pw:eip

This PHP script exploits a blind SQL injection vulnerability in SG Real Estate Portal 2.0 by brute-forcing the admin username and password via time-based inference. It uses file_get_contents to measure response lengths and deduce character values.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: SG Real Estate Portal 2.0

No auth needed

Prerequisites: Target URL with vulnerable parameter · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6631

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31489

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45568

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6634

Scores

EPSS 0.0097

EPSS Percentile 57.5%

Details

CWE

CWE-89

Status published

Products (1)

sg_real_estate_portal/sg_real_estate_portal 2.0

Published Jan 30, 2009

Tracked Since Feb 18, 2026