========================================================= REstate Real Estate Script Persistent Xss Vulnerability ========================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7 1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1 3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3 3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3 7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7 1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ############################################### 7 1 I'm Sid3^effects 1337 Member from 1337 DataBase 1 3 ############################################### 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 #Name :REstate Real Estate Script Persistent Xss Vulnerability #Date : Dec,19 2010 #Vendor Url :http://www.realestatescript.eu/ #Author : Sid3^effects aKa HaRi #Big hugs : Th3 RDX,Hanan_butt, #special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,tranquiller,Sug@R #greetz to :!Op3x_ninjato team,www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: Powerfull, Customizable Real Estate Script REstate Script is the best solution for your real estate online business. It's easy to install, easy to use, provides lots of features and option details. Just check the online demo and convince yourself about how easy is to manage your business online. The software gives the big opportunity of being reached by thousands of people all possible clients, looking for real estate. The software displays your listings featuring pictures, prices, availability, advanced searches and many, many more all being managed by you from the Admin Area via your web browser. No coding knowledge required! It can be managed by a single person, with or without technical experience, reducing the costs of maintenance. You control the way your site will look, add your own logo or create your own site template. ############################################################################################################### Exploit:Persistent Xss Vulnerability The vulnerability exists due to failure in the script to properly sanitize user-supplied input.Successful exploitation of this vulnerability could result in a compromise of the application,disclosure or modification of sensitive data. >Once logged in as a user or agent or admin, the attacker can post malicious xss script.Now post the scripts in the listings. Attack parameter: "> >http://www.server.com/path/agent/listings/edit/2***** >http://www.server.com/path/properties/search/for:sale demo url: http://www.realestatescript.eu/demo/agent/listings/view http://www.realestatescript.eu/demo/properties/search/for:sale Screenshot: http://img152.imageshack.us/img152/410/realv.png ############################################################################################################### Fix: N/a ############################################################################################################### # 0day no more # Sid3^effects # 1337day.com