Vendor: My Php Dating
By: Nassim Asrir
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: My Php Dating
Affected Version From: My Php Dating 2.0
Affected Version To: My Php Dating 2.0
Patch Exists: NO
Related CWE: Unknown
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2017

My Php Dating 2.0 – SQL Injection

The vulnerability exists in the 'id' parameter of the view_profile.php file. An attacker can inject SQL code into this parameter to manipulate the database and retrieve sensitive information.

Mitigation:

To mitigate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL injection attacks. Additionally, the use of prepared statements and stored procedures can help protect against this type of exploit.
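
The mitigation described above, applied to the 'id' parameter of view_profile.php, as an added example that is not code from the vendor or from the original advisory. The fetchProfile function, the profiles table, its columns and the in-memory SQLite database are assumptions made so the script runs offline; the application's real schema is not shown on this page.

```php
<?php
// Added example: hardened lookup for view_profile.php?id=...
// Assumed names: fetchProfile(), table "profiles", columns "id" and "username".

function fetchProfile(PDO $db, $rawId): ?array
{
    // Input validation: accept only a positive decimal integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain integer is rejected
    }

    // Parameterized query: the value is bound as an integer and is never
    // concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, username FROM profiles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the application's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // use native prepares where the driver supports them
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO profiles (id, username) VALUES (1, 'alice'), (2, 'bob')");

// Constructed sample values for the id parameter. In the real page the
// value would come from $_GET['id'] ?? ''.
$samples = ['1', '2', '999', 'abc', '1 OR 1=1', "1' --", ''];
foreach ($samples as $raw) {
    $profile = fetchProfile($db, $raw);
    printf(
        "%-12s => %s\n",
        var_export($raw, true),
        $profile !== null ? $profile['username'] : 'rejected or not found'
    );
}
```

Only '1' and '2' return a profile; every non-integer value is rejected before any query is built, and '999' reaches the database only as a bound integer.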

Exploit-DB raw data:

# Vulnerability: My Php Dating 2.0 - SQL Injection 

# Google Dork: use your mind

# Date: 09.01.2017

# Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm

# Tested on: win7

# Author: Nassim Asrir

# Author Company: Henceforth

# Contact: wassline@gmail.com 
#########################


# SQL Injection/Exploit :

# Vulnerable Parameter : id

# http://localhost/[PATH]/view_profile.php?id=[SQL]