PropertyRental - Online Property Listing ScriptPropertyRental - Online Property Listing Script
Platform to rent out real estate, with professional presentation and marketing as well as integrated, secure payment system
PropertyRental - Online Property Listing Script
Platform to rent out real estate, with professional presentation and marketing as well as integra...1 Support questions or comments
Please login or create an account to post a question or comment.
-
Jul 20, 2022https://clonescripts.vcareall.com/propertyrental/property?country_name=&search_startdate=&search_enddate=&property_type=&bed=1&bath=&sleep=&srate=1
parameter 'srate' is vulnerable to SQL Injection and show high critical server informations:
SMTP Informations: (smtp mail host, smtp mail port, smtp username, smtp password, mail encryption type)
MAIL_MAILER
"smtp"
MAIL_HOST
"****.sendinblue.com"
MAIL_PORT
"58*"
MAIL_USERNAME
"geetaparmar***@gmail.com"
MAIL_PASSWORD
"****w285xR****"
MAIL_ENCRYPTION
"tls"
MAIL_FROM_ADDRESS
"[email protected]"
MAIL_FROM_NAME
"PropertyRental"
DATABASE informations: (db host, db port, db-database name, db- username, db- password)
DB_CONNECTION
"mysql"
DB_HOST
"127.0.0.1"
DB_PORT
"3306"
DB_DATABASE
"property_rental"
DB_USERNAME
"property_admin"
DB_PASSWORD
"**Qx(l0UodY*****"
Payment API's informations: (KEY / Secret KEY)
RAZORPAY_KEY
"rzp_test_k**pAEeHg*****"
RAZORPAY_SECRET
"***QpNQnHP***zFsmKrs****"
********************
I used to hide the critical information's by using the *****
Hope you fix this vulnerability and make a patch for the next version
I tried to contact the support on the messenger nd I've sent an email without any reply
best regards..
Information
| Category | Scripts & Code / PHP Scripts / Miscellaneous |
| First release | 9 July 2022 |
| Last update | 9 July 2022 |
| Files included | .php, .css, .html, .sql, .xml, Javascript .js |
