2010-01-10 │ phpwind 7.5 0day vulnerability exploitation [repost]
Author: 逍遥乾坤 | Posted: 2010-01-10 16:19:45 | Category: Network notes | Views: 48317 | Comments: 5330
2010-01-10 15:10
phpwind 7.5 Multiple Include Vulnerabilities
author: 80vul
team:http://www.80vul.com
I. api/class_base.php local file inclusion vulnerability
1. Description
In api/class_base.php, the callback() function does not filter the $mode variable, so arbitrary local files can be included and arbitrary PHP commands can therefore be executed.
2. Detailed analysis
In api/class_base.php:
function callback($mode, $method, $params) {
    if (!isset($this->classdb[$mode])) {
        if (!file_exists(R_P.'api/class_' . $mode . '.php')) {
            return new ErrorMsg(API_MODE_NOT_EXISTS, "Class($mode) Not Exists");
        }
        require_once(R_P.'api/class_' . $mode . '.php'); // here
        $this->classdb[$mode] = new $mode($this);
    }
    if (!method_exists($this->classdb[$mode], $method)) {
        return new ErrorMsg(API_METHOD_NOT_EXISTS, "Method($method of $mode) Not Exists");
    }
    !is_array($params) && $params = array();
    return @call_user_func_array(array(&$this->classdb[$mode], $method), $params);
}
Let us follow how the variable is passed along. The function above is called from run():
function run($request) {
    $request = $this->strips($request);
    if (isset($request['type']) && $request['type'] == 'uc') {
        $this->type = 'uc';
        $this->apikey = $GLOBALS['uc_key']; // note: this variable is also key to the vulnerability
    } else {
        $this->type = 'app';
        $this->apikey = $GLOBALS['db_siteownerid'];
        $this->siteappkey = $GLOBALS['db_siteappkey'];
    }
    /***
    if ($this->type == 'app' && !$GLOBALS['o_appifopen']) {
        return new ErrorMsg(API_CLOSED, 'App Closed');
    }
    ***/
    ksort($request);
    reset($request);
    $arg = '';
    foreach ($request as $key => $value) {
        if ($value && $key != 'sig') {
            $arg .= "$key=$value&";
        }
    }
    // Note this check: it has to be bypassed. As the code above shows, $this->apikey = $GLOBALS['uc_key']
    // and $request['sig'] are both under our control, so it is easy to bypass.
    if (md5($arg . $this->apikey) != $request['sig']) {
        return new ErrorMsg(API_SIGN_ERROR, 'Error Sign');
    }
    $mode = $request['mode']; // $mode is taken unfiltered and goes straight into callback() below
    $method = $request['method'];
    $params = isset($request['params']) ? unserialize($request['params']) : array();
    if (isset($params['appthreads'])) {
        if (PHP_VERSION < 5.2) {
            require_once(R_P.'api/class_json.php');
            $json = new Services_JSON(true);
            $params['appthreads'] = $json->decode(@gzuncompress($params['appthreads']));
        } else {
            $params['appthreads'] = json_decode(@gzuncompress($params['appthreads']),true);
        }
    }
    if ($params && isset($request['charset'])) {
        $params = pwConvert($params, $this->charset, $request['charset']);
    }
    return $this->callback($mode, $method, $params); // calls callback()
}
Next, look at where run() is called.
In pw_api.php:
$api = new api_client();
$response = $api->run($_POST + $_GET); // run() is called directly on the variables submitted via $_POST and $_GET
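The analysis above traces backwards through the whole path by which the variable is submitted. This vulnerability also involves an encoding and decoding issue: for require_once(R_P.'api/class_' . $mode . '.php'); magic quotes have to be bypassed before arbitrary files can be included. Note the first statement of run():
$request = $this->strips($request);
The code of strips():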
function strips($param) {
    if (is_array($param)) {
        foreach ($param as $key => $value) {
            $param[$key] = $this->strips($value);
        }
    } else {
        $param = stripslashes($param); // stripslashes() is applied directly to the variable, so magic quotes are bypassed :)
    }
    return $param;
}
3. POC/EXP
Not provided
4. FIX
Because information about the vulnerability leaked, the vendor has already patched it:
http://www.phpwind.net/read-htm-tid-914851.html
The code:
require_once Pcv(R_P.'api/class_' . $mode . '.php');
function Pcv($filename,$ifcheck=1){
    $tmpname = strtolower($filename);
    $tmparray = array(' http://',"\0"); // filters http:// and \0, i.e. no remote inclusion and no truncation
    $ifcheck && $tmparray[] = '..'; // filters .., i.e. no directory traversal
    if (str_replace($tmparray,'',$tmpname)!=$tmpname) {
        exit('Forbidden');
    }
    return $filename;
}
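Pcv() shows that phpwind's patching style is rather shoddy. Judging from this Pcv() alone there are still plenty of logic problems; for example, the http:// filter is laughable: can't someone simply use ftp://? ...
II. apps/share/index.php remote file inclusion vulnerability
1. Description
In apps/share/index.php the $route and $basePath variables are not initialised, which allows remote or local inclusion of PHP files and therefore execution of arbitrary PHP code.
2. Detailed analysis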
if ($route == "share") {
    require_once $basePath . '/action/m_share.php';
} elseif ($route == "sharelink") {
    require_once $basePath . '/action/m_sharelink.php';
}
?>
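This vulnerability hardly seems to need analysis!!!! I suggest that whoever wrote this code should have their year-end bonus docked...
3. POC/EXP
Not provided
4. FIX
Already 'fixed' in the same patch:
http://www.phpwind.net/read-htm-tid-914851.html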
!function_exists('readover') && exit('Forbidden');
if ($route == "share") {
    require_once $basePath . '/action/m_share.php';
} elseif ($route == "sharelink") {
    require_once $basePath . '/action/m_sharelink.php';
}
?>
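III. apps/groups/index.php remote file inclusion vulnerability
1. Description
In apps/groups/index.php the $route and $basePath variables are not initialised, which allows remote or local inclusion of PHP files and therefore execution of arbitrary PHP code.
2. Detailed analysis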
if ($route == "groups") {
    require_once $basePath . '/action/m_groups.php';
} elseif ($route == "group") {
    require_once $basePath . '/action/m_group.php';
} elseif ($route == "galbum") {
    require_once $basePath . '/action/m_galbum.php';
}
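This vulnerability hardly seems to need analysis!!!! I suggest that whoever wrote this code should have their year-end bonus docked...
3. POC/EXP
Not provided
4. FIX
Already 'fixed' in the same patch:
http://www.phpwind.net/read-htm-tid-914851.html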
!function_exists('readover') && exit('Forbidden');
if ($route == "groups") {
    require_once $basePath . '/action/m_groups.php';
} elseif ($route == "group") {
    require_once $basePath . '/action/m_group.php';
} elseif ($route == "galbum") {
    require_once $basePath . '/action/m_galbum.php';
}
?>
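An allowlist-based alternative to the substring blacklist in Pcv(), together with a dispatcher for the apps/*/index.php files that takes neither the base path nor the file name from the request. This is an added example, not phpwind's code and not part of the original advisory; the function names api_class_path() and route_action_path(), the identifier pattern and the throwaway directory layout are assumptions.

```php
<?php
// Added example, not phpwind's code. Function names, the identifier
// pattern and the sample directory layout are hypothetical.

/**
 * Resolve api/class_<mode>.php by allowlisting the characters of $mode and
 * checking containment, instead of blacklisting substrings as Pcv() does.
 * Returns the real path, or null when the mode is not acceptable.
 */
function api_class_path(string $apiDir, $mode): ?string
{
    // Reject arrays and anything that is not a plain identifier. One rule
    // excludes '/', '\', '.', ':' and NUL, so directory traversal, URL
    // wrappers (http://, ftp://, ...) and truncation cannot be expressed.
    if (!is_string($mode) || !preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $mode)) {
        return null;
    }
    $base = realpath($apiDir);
    $file = realpath($apiDir . '/class_' . $mode . '.php');
    if ($base === false || $file === false) {
        return null; // directory or class file does not exist
    }
    // Defence in depth: the resolved file must sit directly in the api directory.
    return dirname($file) === $base ? $file : null;
}

/**
 * Dispatcher for apps/<app>/index.php: $basePath is a server-side value and
 * $route only selects an entry from a fixed map of action files.
 */
function route_action_path(string $basePath, $route, array $routes): ?string
{
    if (!is_string($route) || !isset($routes[$route])) {
        return null;
    }
    return $basePath . '/action/' . $routes[$route];
}

// --- Constructed demo: throwaway directory and sample inputs ---------------
$root = sys_get_temp_dir() . '/pw_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/api', 0700, true);
file_put_contents($root . '/api/class_user.php', "<?php\n");

// Sample $mode values (constructed): one valid name, then inputs of the kinds
// the Pcv() blacklist tries to enumerate, plus one scheme it does not list.
$samples = ['user', 'missing', '../data/x', "user\0", 'ftp://example.invalid/x', ['a']];
foreach ($samples as $mode) {
    $path = api_class_path($root . '/api', $mode);
    printf("%-30s => %s\n", json_encode($mode), $path === null ? 'rejected' : 'accepted');
}

// Route map taken from the branches shown in apps/share/index.php.
$shareRoutes = ['share' => 'm_share.php', 'sharelink' => 'm_sharelink.php'];
$appBase = $root . '/apps/share'; // set by the server, never by the request
foreach (['share', 'sharelink', 'other', ['x']] as $route) {
    $path = route_action_path($appBase, $route, $shareRoutes);
    printf("%-30s => %s\n", json_encode($route), $path ?? 'rejected');
}

// Clean up the throwaway directory.
unlink($root . '/api/class_user.php');
rmdir($root . '/api');
rmdir($root);
```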