Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Site for Real Estate - Brokers SQL Injection Vulnerability
Vendor url:http://www.mformula.com.br/
Version:n/a
Price:100$
Published: 2010-06-11
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW & AH members.
Spl Greetz to:inj3ct0r.com Team

#####################################################################################################################################################################################################

Description:

* Site for Real Estate - Brokers SQL Injection Vulnerability *

Resources and Advantages
Better cost-benefit of the market
Internal system for total administration of the site
Available site in the languages Portuguese, Español, English and Japanese
Property Management
Management Clients
Support for Sale and Rent
Unlimited Publication of Photos for Property
RSS/XML feed
Optimization in search engines
SiteMap Google, Yahoo and Bing
Supported to any type of personalized option (Color, Size, Type, etc)
Personalization of the layout, colors and texts of the site in agreement your mark
Reports detailed on the site
Support via HelpDesk integrated in the Administration of your site 
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://imob.mformula.com.br/products.php?imovelfor_id=[sqli]

http://imob.mformula.com.br/products_view.php?id=[sqli]

# 0day n0 m0re #