Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-9005. PoCs published by Mr T.
AI-analyzed exploit summary: The exploit demonstrates XSS and SQL injection vulnerabilities in VLD Personal 2.7. The XSS payload is injected via the 'id' parameter, while SQLi is executed through the 'country' parameter using a time-based benchmark payload.
Description
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php.