AEwebworks aeDating 3.2/4.0 - Search_Result.PHP SQL Injection Vulnerability

2005-09-15T00:00:00
ID EDB-ID:26263
Type exploitdb
Reporter alexsrb
Modified 2005-09-15T00:00:00

Description

AEwebworks aeDating 3.2/4.0 Search_Result.PHP SQL Injection Vulnerability. CVE- 2005-2985. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/14847/info

AEwebworks aeDating is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/search_result.php?Sex=male&LookingFor=female&DateOfBirth_start=18&DateOfBirth_end=40&Country%5B%5D=0UNION