Next Click Ventures RealtyScript SQL Injection Vulnerability in Users and Mailer Administration Pages
Vulnerability
A SQL injection vulnerability has been identified in Next Click Ventures RealtyScript version 4.0.2. It allows unauthenticated attackers to inject arbitrary SQL code through the GET parameter 'u_id' in '/admin/users.php' and the POST parameter 'agent[]' in '/admin/mailer.php'. Neither parameter is properly sanitized before being used in SQL queries, so an attacker can alter the queries the application sends to the database. Exploitation could lead to extraction of sensitive database information or to a denial-of-service condition through sleep-based payloads.
Impact
Exploitation of this vulnerability allows time-based blind SQL injection: attackers can manipulate SQL queries to extract database information, or cause a denial of service by introducing delays in database response times.
Reproduction
The vulnerability can be reproduced by sending a request to '/admin/users.php' with a crafted 'u_id' parameter that includes SQL injection payloads. Alternatively, a POST request can be sent to '/admin/mailer.php' with the 'agent[]' parameter containing similar SQL injection payloads. This can be done with tools such as sqlmap, which automate the exploitation of SQL injection vulnerabilities.
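One way to close this class of flaw for a scalar id such as 'u_id' and an array such as 'agent[]', shown as an added example that is not RealtyScript's code: strict integer validation followed by PDO prepared statements. The `users` table, its columns, and the helper names `parseId`, `findUser` and `findRecipients` are assumptions, since the page does not show the application's schema or queries.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's tables (hypothetical schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (u_id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO users VALUES (1,'a@example.test'),(2,'b@example.test'),(3,'c@example.test')");

/** Accept only a plain decimal id (max 9 digits, so it always fits an int); reject everything else. */
function parseId(mixed $raw): ?int
{
    return (is_string($raw) && $raw !== '' && strlen($raw) <= 9 && ctype_digit($raw)) ? (int) $raw : null;
}

/** Lookup for a scalar parameter such as 'u_id': the value is bound, never concatenated. */
function findUser(PDO $pdo, mixed $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null; // malformed input never reaches the database
    }
    $stmt = $pdo->prepare('SELECT u_id, email FROM users WHERE u_id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

/** Lookup for an array parameter such as 'agent[]': one placeholder per validated element. */
function findRecipients(PDO $pdo, mixed $rawIds): array
{
    if (!is_array($rawIds)) {
        return [];
    }
    // Nested arrays and non-numeric strings map to null and are dropped here.
    $ids = array_values(array_filter(array_map('parseId', $rawIds), 'is_int'));
    if ($ids === []) {
        return []; // never emit "IN ()"
    }
    // Only '?' marks are interpolated into the SQL text; the ids themselves are bound.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT email FROM users WHERE u_id IN ($marks) ORDER BY u_id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a well-formed id, a malformed id, and a mixed array.
var_dump(findUser($pdo, '2'));
var_dump(findUser($pdo, '2 OR 1=1'));
var_dump(findRecipients($pdo, ['1', '3', '2 OR 1=1']));
```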
