Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities
BID:13082
Info
Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities
| Bugtraq ID: | 13082 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1081 CVE-2005-1082 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2005 12:00AM |
| Updated: | Jun 28 2006 10:59PM |
| Credit: | Discovery is credited to <[email protected]>. |
| Vulnerable: |
Azerbaijan Development Group AzDGDatingPlatinum 1.1 .0 |
| Not Vulnerable: | |
Discussion
Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities
AzDGDatingPlatinum is reported prone to multiple vulnerabilities.
The following specific issues were identified:
- Multiple SQL-injection vulnerabilities. These issues could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
- A cross-site scripting issue. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
AzDGDatingPlatinum 1.1.0 is reported vulnerable. Other versions may be affected as well.
AzDGDatingPlatinum is reported prone to multiple vulnerabilities.
The following specific issues were identified:
- Multiple SQL-injection vulnerabilities. These issues could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
- A cross-site scripting issue. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
AzDGDatingPlatinum 1.1.0 is reported vulnerable. Other versions may be affected as well.
Exploit / POC
Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities
These issues can be exploited using a web client.
The following proof-of-concept URIs are available:
These issues can be exploited using a web client.
The following proof-of-concept URIs are available:
Solution / Fix
Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities
References:
References:
- AzDGDatingPlatinum Product Page (Azerbaijan Development Group)
- AzDGDatingPlatinum multiple vulnerabilities (
- AzDGDatingPlatinum<<--v1.1.0 'view.php' SQL Injection (CrAzY.CrAcKeR)