header-logo
Suggest Exploit
vendor:
AbleDating
by:
JaMbA
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: AbleDating
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2010

AbleDating script SQL injection Vulnerability

A SQL injection vulnerability exists in the AbleDating script, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'view' parameter of the 'news.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable server. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, modification of data, and other malicious activities.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: AbleDating script SQL injection Vulnerability
# Date: 24/06/2010
# Author: JaMbA
# Script url: http://www.abk-soft.com/matchmaking_software_demo.html
# Version: N/A
# Tested on: Windows
# CVE : ()

:::::::::::::::::::::::::

:::::::::::::::::::::::::

=================Exploit======
============



[ EXPL0!T ]

http://server/path/news.php?view=3(SQL)



===========================================================

Greetz to : Alnjm33-virus-pal - Predator-Ahmadso - xXx-jago-dz
-inejcteur-4PY-SaYrOs- XR57 -Tr0y-x -alsaek
And All Tunisian hacker

=== SwT Labs ====

Navigation

Suggest Exploit

Services By CQR