Netartmedia PHP Dating Site SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Netartmedia PHP Dating Site, allowing unauthenticated attackers to manipulate database queries. The vulnerability arises from improper handling of the Email parameter in POST requests to loginaction.php. Exploitation of this vulnerability enables attackers to inject SQL payloads that could extract sensitive information from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to extract, modify, or delete database information.

Reproduction

To reproduce this vulnerability, send a POST request to loginaction.php with a crafted SQL injection payload in the Email field. The payload can be designed to exploit time-based SQL injection techniques, such as using SQL functions that cause a delay in response time, indicating successful injection.