This exploit demonstrates a SQL injection vulnerability in Property Listing Script v3.1. The vulnerability allows an attacker to inject malicious SQL queries via the 'preview.php' endpoint by manipulating parameters such as 'min_bedrooms', 'max_bedrooms', 'min_bathrooms', and 'max_bathrooms'.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Property Listing Script v3.1
No auth needed
Prerequisites:Access to the target web application