Dating Script v3.25 - SQL Injection - 11.01.2017

An attacker can exploit this vulnerability to read from the database. The parameter ‘id’ is vulnerable.

https://www.exploit-db.com/exploits/41027/

# Vulnerability: Dating Script v3.25 - SQL Injection
# Date: 11.01.2017
# Software link: http://itechscripts.com/dating-script/
# Demo: http://dating.itechscripts.com
# Price: 199$
# Category: webapps
# Exploit Author: Dawid Morawski
# Website: http://www.morawskiweb.pl
# Contact: dawid.morawski1990@gmail.com
#######################################

1. Description
An attacker can exploit this vulnerability to read from the database.

2. SQL Injection / Proof of Concept:
Vulnerable Parameter: id
http://localhost/[PATH]/see_more_details.php?id=[SQL]

Written on January 11, 2016