Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
BID:53491
Info
Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
| Bugtraq ID: | 53491 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2012 12:00AM |
| Updated: | May 13 2012 12:00AM |
| Credit: | Vulnerability Laboratory |
| Vulnerable: |
Free Realty Free Realty 3.1-0.6 |
| Not Vulnerable: | |
Discussion
Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
Free Realty is prone to multiple HTML injection, multiple SQL injection, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Free Realty 3.1-0.6 is vulnerable; other versions may be affected.
Free Realty is prone to multiple HTML injection, multiple SQL injection, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Free Realty 3.1-0.6 is vulnerable; other versions may be affected.
Exploit / POC
Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
An attacker can exploit these issues through a browser. An attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues.
An attacker can exploit these issues through a browser. An attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues.
Solution / Fix
Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
Solution:
Updates are available; please see the references for more information.
Solution:
Updates are available; please see the references for more information.
References
Free Realty Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
References:
References:
- Free Realty Home Page (Free Realty)