Dating Script 3.25 – SQL Injection

Exploit Database
92 阅读

作者： Dawid Morawski

日期： 2017-01-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41027/

# Vulnerability: Dating Script v3.25 - SQL Injection
# Date: 11.01.2017
# Software link: http://itechscripts.com/dating-script/
# Demo: http://dating.itechscripts.com
# Price: 199$
# Category: webapps
# Exploit Author: Dawid Morawski
# Website: http://www.morawskiweb.pl
# Contact: dawid.morawski1990@gmail.com
#######################################


1. Description
An attacker can exploit this vulnerability to read from the database.

2. SQL Injection / Proof of Concept:
Vulnerable Parametre: id
http://localhost/[PATH]/see_more_details.php?id=[SQL]

last Exploits
Dating Script 3.25 – SQL Injection的更多信息

JonhCMS 4.5.1 – SQL Injection：
Frog CMS 0.9.5 – Multiple Vulnerabilities：
Ateme TITAN File 3.9 – SSRF File Enumeration：
ManageEngine Password Manager Pro / ManageEngine IT360 – SQL Injection：
TWiki History TWikiUsers – ‘rev’ Command Execution (Metasploit)：
Calendarix 0.8.20071118 – SQL Injection：
NuSOAP 0.9.5 – ‘nusoap.php’ Cross-Site Scripting：
Apache Tomcat 5.5.25 – Cross-Site Request Forgery：