<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Matrimony Website Script M-Plus - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/matrimony-website-script-m-plus/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 30 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/matrimony-website-script-m-plus/feed.xml" rel="self" type="application/rss+xml"/><item><title>Matrimony Website Script M-Plus SQL Injection Vulnerabilities</title><link>https://feed.craftedsignal.io/briefs/2024-01-matrimony-sqli/</link><pubDate>Tue, 30 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-matrimony-sqli/</guid><description>Matrimony Website Script M-Plus is vulnerable to unauthenticated SQL injection via POST parameters, enabling attackers to extract sensitive data or execute arbitrary SQL commands.</description><content:encoded><![CDATA[<p>The Matrimony Website Script M-Plus is susceptible to multiple SQL injection vulnerabilities (CVE-2019-25639) that allow unauthenticated attackers to inject malicious SQL code. This vulnerability allows threat actors to potentially extract sensitive data from the database or execute arbitrary SQL commands. The vulnerability is located in multiple PHP files, including simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php. This poses a significant risk to organizations using this software, as attackers could gain unauthorized access to user data, modify website content, or compromise the entire system. The exploitation of this vulnerability requires no authentication.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies a Matrimony Website Script M-Plus instance.</li>
<li>The attacker crafts a malicious HTTP POST request targeting one of the vulnerable PHP files: simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, or registration2.php.</li>
<li>The attacker injects SQL code into one or more of the following parameters: txtGender, religion, Fage, or cboCountry.</li>
<li>The web server processes the malicious POST request, passing the injected SQL code to the database server without proper sanitization or input validation.</li>
<li>The database server executes the injected SQL code, potentially allowing the attacker to extract sensitive data (e.g., user credentials, personal information) using SQL injection techniques like UNION-based injection.</li>
<li>Alternatively, the attacker could execute arbitrary SQL commands to modify data, create new accounts, or potentially gain control over the database server.</li>
<li>The attacker retrieves the results of the SQL query from the web server's response.</li>
<li>The attacker uses the extracted data or control over the database to further compromise the system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these SQL injection vulnerabilities could lead to the complete compromise of the Matrimony Website Script M-Plus instance. Attackers could gain unauthorized access to sensitive user data, including personal details, contact information, and potentially financial data. This could result in identity theft, financial fraud, and reputational damage for both the website operator and its users. The impact is significant given the potential for widespread data breaches and the high CVSS score of 8.2.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Inspect web server logs for suspicious POST requests targeting simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php, especially those containing SQL syntax in the txtGender, religion, Fage, or cboCountry parameters to detect potential exploitation attempts (see the rules below).</li>
<li>Apply any available patches or updates for Matrimony Website Script M-Plus to address CVE-2019-25639.</li>
<li>Implement proper input validation and sanitization techniques to prevent SQL injection vulnerabilities in the Matrimony Website Script M-Plus, especially for the txtGender, religion, Fage, and cboCountry parameters.</li>
<li>Deploy the Sigma rules in this brief to your SIEM and tune for your environment.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>sql-injection</category><category>vulnerability</category><category>web-application</category></item></channel></rss>