Netartmedia Real Estate Portal SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Netartmedia Real Estate Portal version 5.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Exploitation involves sending POST requests to 'index.php' with malicious SQL payloads, which can bypass authentication, extract sensitive data, or modify database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'index.php' with a crafted 'page' parameter that includes SQL injection payloads. This can be done using tools like Burp Suite or by writing a custom script that sends the appropriate SQL injection payloads in the 'page' parameter of the POST request.