| tiêu đề | ScriptAndTools Real Estate Management System 1.0 SQL Injection |
|---|
| Mô tả | Title of the Vulnerability:
Script And Tools | Real Estate Management System 1.0 | SQL Injection Admin Bypass In /admin/
Vulnerability Class: SQL Injection
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Technical Details & Description:
The application source code is coded in a way which allows To Access /admin/ via SQL Injection Admin Bypass Payloads!
Product & Service Introduction: Real Estate Management System
Observation & Exploitation:
Here,The Vulnerable File Is:
/admin/addpackage.php
Lets Exploit ????????️????:
Step-1:
First,Go To The Vulnerable Location:
Example:
http://192.168.0.100:8080/reali/admin/
Step-2:
Now use SQL Admin Bypass Payloads Like:
' or 1=1 limit 1 -- -+
use it in both username and password field!
And you will be logged in the admin panel then!
So,This indicates that the /admin/ is vulnerable to SQL Injection |
|---|
| Nguồn | ⚠️ https://www.websecurityinsights.my.id/2025/05/script-and-tools-real-estate-management.html |
|---|
| Người dùng | MaloyRoyOrko (UID 79572) |
|---|
| Đệ trình | 04/05/2025 16:28 (cách đây 12 các tháng) |
|---|
| Kiểm duyệt | 23/05/2025 20:17 (19 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 310206 [ScriptAndTools Real-Estate-website-in-PHP 1.0 Admin Login Panel /admin/ mật khẩu Tiêm SQL] |
|---|
| điểm | 20 |
|---|