( ~~~ )
  ))^ ^((
 ((* - *))
   _) (_
 / '--' \     ^
//(_  _)\\   /_\
\\ )__( //   .'
 (( v  ))   (
   \| /\     '-.
    K(  \       )
    |\\  '-._.-'
    ||\\
  *_-P/,P
     '-
Want your PHP application manually audited? Check out Xxor AB's PHP Security Auditing Service

Thursday, July 7, 2011

phpMyAdmin 3.x Multiple Remote Code Executions

This post details a few interesting vulnerabilities I found while relaxing and reading the sourcecode of phpMyAdmin. My original advisory can be found here.

If you would like me to audit your PHP project, check out Xxor's PHP security auditing service. http://www.xxor.se/services/php-security-audit.php

The first vulnerability

File: libraries/auth/swekey/swekey.auth.lib.php
Lines: 266-276
Patched in: 3.3.10.2 and 3.4.3.1
Type: Variable Manipulation
Assigned CVE id: CVE-2011-2505
PMA Announcement-ID: PMASA-2011-5 if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false) { parse_str($_SERVER['QUERY_STRING']); session_write_close(); session_id($session_to_unset); session_start(); $_SESSION = array(); session_write_close(); session_destroy(); exit; } Notice the call to parse_str on line 268 that passes the query string as it's first argument. It's missing a second argument. This means that what ever parameters and values are present in the query string will be used as variables in the current namespace. But since the code path that executes the call to parse_str inevitably leads to a call to exit there ain't much to exploit. However the session variables persists between requests. Thus giving us full control of the $_SESSION array.

When reading the code, you might believe that the session gets destroyed. But the call to session_write_close on line 269 saves the modified session, and the call to session_id on line 270 switches session. This could be confuseing when testing in a browser because the call to session_start will send a new cookie instructing the browser to forget about the modified session.

From here on there are numerous XSS and SQL injection vulnerabilities open for attack. But we'll focus on three far more serious vulnerabilities.

The second vulnerability

Patched in: 3.3.10.2 and 3.4.3.1
Type: Remote Static Code Injection
Assigned CVE id: CVE-2011-2506
PMA Announcement-ID: PMASA-2011-6

File: setup/lib/ConfigGenerator.class.php
Lines: 16-78
/** * Creates config file * * @return string */ public static function getConfigFile() { $cf = ConfigFile::getInstance(); $crlf = (isset($_SESSION['eol']) && $_SESSION['eol'] == 'win') ? "\r\n" : "\n"; $c = $cf->getConfig(); // header $ret = 'get('PMA_VERSION') . ' setup script' . $crlf . ' * Date: ' . date(DATE_RFC1123) . $crlf . ' */' . $crlf . $crlf; // servers if ($cf->getServerCount() > 0) { $ret .= "/* Servers configuration */$crlf\$i = 0;" . $crlf . $crlf; foreach ($c['Servers'] as $id => $server) { $ret .= '/* Server: ' . strtr($cf->getServerName($id), '*/', '-') . " [$id] */" . $crlf . '$i++;' . $crlf; foreach ($server as $k => $v) { $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k); $ret .= "\$cfg['Servers'][\$i]['$k'] = " . (is_array($v) && self::_isZeroBasedArray($v) ? self::_exportZeroBasedArray($v, $crlf) : var_export($v, true)) . ';' . $crlf; } $ret .= $crlf; } $ret .= '/* End of servers configuration */' . $crlf . $crlf; } unset($c['Servers']); // other settings $persistKeys = $cf->getPersistKeysMap(); foreach ($c as $k => $v) { $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k); $ret .= self::_getVarExport($k, $v, $crlf); if (isset($persistKeys[$k])) { unset($persistKeys[$k]); } } // keep 1d array keys which are present in $persist_keys (config.values.php) foreach (array_keys($persistKeys) as $k) { if (strpos($k, '/') === false) { $k = preg_replace('/[^A-Za-z0-9_]/', '_', $k); $ret .= self::_getVarExport($k, $cf->getDefault($k), $crlf); } } $ret .= '?>'; return $ret; } On line 42 in this file a comment is created to show some additional information in a config file. We can see that the output of the call to $cf->getServerName($id) is sanitized to prevent user input from closing the comment. However $id, the key of the $c['Servers'] array, is not. So if we could rename a key in this array we could close the comment and inject arbitrary PHP code.
On line 26 the $c array is created from a call to $cf->getConfig().

File: libraries/config/ConfigFile.class.php
Lines: 469-482
/** * Returns configuration array (full, multidimensional format) * * @return array */ public function getConfig() { $c = $_SESSION[$this->id]; foreach ($this->cfgUpdateReadMapping as $map_to => $map_from) { PMA_array_write($map_to, $c, PMA_array_read($map_from, $c)); PMA_array_remove($map_from, $c); } return $c; } Bingo! The $c array is derived from the $_SESSION array hence we could have full control of its contents by utilizing the first vulnerability. Now we can inject arbitrary PHP code that will be saved into the file config/config.inc.php. Then we would just browse to this file and the webserver would executed it.

This vulnerability requires one specific condition. The config directory must have been left in place after the initial configuration. This is something advised against and hence a majority of servers wont be susceptible to this attack. Therefor we'll check out a third and a fourth vulnerability.

The third vulnerability

Patched in: 3.3.10.2 and 3.4.3.1
Type: Authenticated Remote Code Execution
Assigned CVE id: CVE-2011-2507
PMA Announcement-ID: PMASA-2011-7

File: server_synchronize.php
Line: 466
$trg_db = $_SESSION['trg_db']; Line: 477 $uncommon_tables = $_SESSION['uncommon_tables']; Line: 674 PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, $uncommon_tables, $uncommon_table_structure_diff[$s], $uncommon_tables_fields, false); File: libraries/server_synchronize.lib.php
Lines: 613-631 function PMA_createTargetTables($src_db, $trg_db, $src_link, $trg_link, &$uncommon_tables, $table_index, &$uncommon_tables_fields, $display) { if (isset($uncommon_tables[$table_index])) { $fields_result = PMA_DBI_get_fields($src_db, $uncommon_tables[$table_index], $src_link); $fields = array(); foreach ($fields_result as $each_field) { $field_name = $each_field['Field']; $fields[] = $field_name; } $uncommon_tables_fields[$table_index] = $fields; $Create_Query = PMA_DBI_fetch_value("SHOW CREATE TABLE " . PMA_backquote($src_db) . '.' . PMA_backquote($uncommon_tables[$table_index]), 0, 1, $src_link); // Replace the src table name with a `dbname`.`tablename` $Create_Table_Query = preg_replace('/' . PMA_backquote($uncommon_tables[$table_index]) . '/', PMA_backquote($trg_db) . '.' .PMA_backquote($uncommon_tables[$table_index]), $Create_Query, $limit = 1 ); The variables $uncommon_tables[$table_index] and $trg_db are derived from the $_SESSION array. By utilizing the first vulnerability we can inject what ever we want into both the first and the second argument of the function preg_replace on lines 627-631. In a previous post to this blog I've detailed how this condition can be turned into a remote code execution. Basicly we can inject the "e" modifier into the regexp pattern which causes the second argument to be executed as PHP code.

This vulnerability have two major restrictions from an attackers perspective. First the Suhosin patch that completly defends against this type of attack. Second, this piece of code can only be reached if we're authenticated. So to exploit it we would need to have previous knowledge of credentials to an account of the database that phpMyAdmin is set up to manage. Except for some obscure configurations that allows us to bypass this restriction.

Since the Suhosin patch is pretty popular, and for example compiled by default in OpenBSD's PHP packages, it's worth exploring a fourth vulnerability.

The fourth vulnerability

Patched in: 3.3.10.2 and 3.4.3.1
Type: Path Traversal
Assigned CVE id: CVE-2011-2508
PMA Announcement-ID: PMASA-2011-8

File: libraries/display_tbl.lib.php
Lines: 1291-1299 if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) { if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) { $include_file = $GLOBALS['mime_map'][$meta->name]['transformation']; if (file_exists('./libraries/transformations/' . $include_file)) { $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']); require_once './libraries/transformations/' . $include_file; This fourth vulnerability is a directory traversal in a call to require_once which can be exploited as a local file inclusion. The variable $GLOBALS['mime_map'][$meta->name]['transformation'] is derived from user input. For example, by setting $GLOBALS['mime_map'][$meta->name]['transformation'] to "../../../../../../etc/passwd" the local passwd-file could show up.

This vulnerability can only be reached if we're authenticated and requires that the transformation feature is setup correctly in phpMyAdmin's configuration storage. However, the $GLOBALS['cfgRelation'] array is derived from the $_SESSION array. Hence the variable $GLOBALS['cfgRelation']['mimework'] used to check this can be modified using the first vulnerability.

File: libraries/display_tbl.lib.php
Lines: 707-710 if ($GLOBALS['cfgRelation']['commwork'] && $GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME'] && ! $_SESSION['tmp_user_values']['hide_transformation']) { require_once './libraries/transformations.lib.php'; $GLOBALS['mime_map'] = PMA_getMIME($db, $table); } And the fact that $GLOBALS['mime_map'] is conditionally initialized together with the fact that phpMyAdmin registers all request variables in the global namespace (blacklists some, but not mime_map) allows us to set $GLOBALS['mime_map'][$meta->name]['transformation'] to whatever we want, even when the transformation feature is not setup correctly.

Summary

  • If the config folder is left in place, phpMyAdmin is vulnerable.

  • If an attacker has access to database credentials and the Suhosin patch is not installed, phpMyAdmin is vulnerable.

  • If an attacker has access to database credentials and knows how to exploit a local file inclution, phpMyAdmin is vulnerable.

Exploits


Here are some exploits that have appeard so far, sorted in chronological order.

phpMyAdmin3 (pma3) Remote Code Execution Exploit written in python by wofeiwo exploiting vulnerability 1 and 2.
http://www.exploit-db.com/exploits/17510/

phpMyAdmin 3.x preg_replace RCE POC written in php by Mango exploiting vulnerability 1 and 3. This isn't really an exploit, just a POC.
http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html

phpMyAdmin 3.x Swekey RCI Exploit written in php by Mango exploiting vulnerability 1 and 2.
http://ha.xxor.se/2011/07/phpmyadmin-3x-swekey-rci-exploit.html

An extra noteworthy exploit is this one created by M4g exploiting vulnerability 1. He paired the first vulnerability with a rougthly one year old bug in the PHP core. The PHP Session Serializer Session Data Injection Vulnerability found by Stefan Esser.
http://snipper.ru/view/103/phpmyadmin-33102-3431-session-serializer-arbitrary-php-code-execution-exploit/
Or for those of us who can't read Russian, use Google translate.

834 comments:

  1. In The first vulnerability

    If I inject Arbitrate Session via $_SERVER['QUERY_STRING'] why session doesn't reset after session_start()

    ReplyDelete
  2. @Anonymous

    Your original session is modified by:
    parse_str($_SERVER['QUERY_STRING']);

    Then it switches session with:
    session_id($session_to_unset);

    Then the new session is reset using:
    session_start();

    Your original session remains and is modified.

    Don't try to test this issue in a browser. Write a script to handle the cookies and requests yourself.

    ReplyDelete
  3. @Mango
    How to modify that session with $_SERVER['QUERY_STRING']

    is it right way?

    ./swekey.auth.lib.php?_SESSION['attribute']=myvalue&session_to_unset=null

    but why i can't modify Session

    ReplyDelete
  4. @Josh

    ./index.php?_SESSION[attribute]=myvalue&session_to_unset=null

    It cant be done with a browser. Since you need to retain your old cookies when it switches session.

    ReplyDelete
  5. what about the directory traversal bug how is that usable ? an example link would be gladly welcomed.

    ReplyDelete
  6. @Anonymous2

    It's usable as a LFI.

    If the transformation feature in phpMyAdmin is setup correctly, you can insert the path in it's interface. Otherwise you need to write a script to use the first vulnerability.

    ReplyDelete
  7. can you give me an e-mail of yours or something like that to talk to you faster or this comment area should be more then enough ?

    ReplyDelete
  8. Finns du på irc någonstans? Mail är så 1999 :p

    ReplyDelete
  9. This comment has been removed by the author.

    ReplyDelete
  10. @0x6a616d6573

    POC released: http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html

    ReplyDelete
  11. @Anonymous

    Har lite tight tid vid datorn i veckan. Droppa mig ett mail med en kanal/server så ska jag titta in är ja kan.

    ReplyDelete
  12. It seems it's not the Suhosin patch which will defend against the /e modifier attack, but rather the extension combined with the following, off-by-default option:

    http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.disable_emodifier

    Interesting vulnerabilities. Thanks for sharing.

    ReplyDelete
  13. What is SESSION That can modify $GLOBALS['cfgRelation']

    ReplyDelete
  14. @Anonymous
    The exploit utilizes a null byte injection in preg_replace which Suhosin patches. I don't believe that can be turned off.

    @Anonymous
    Check out line 98 in
    libraries\config\ConfigFile.class.php.
    $this->id = 'ConfigFile' . $GLOBALS['server'];

    ReplyDelete
  15. hello i trying to scan in wild but nothing seems to be vulnerable all pma servers is 2.* instaled on servers anywoane any ideea ? a dork for PMA 3.*?

    ReplyDelete
  16. Awful breath of air may well be one of many main puppy peeves inside interpersonal interaction. This particular full difficulty connected with bad breath of air is a entire bummer as it can not be attended to without annoying anybody concerned.Kyäni

    ReplyDelete
  17. You'll get the quality seo services for your business only from the best seo company in india. Because they have experienced seo experts who deliver you the best results as per your expectations.

    ReplyDelete
  18. There are many mobile game developers in india who claimed that they are the best mobile game developers but you should see the portfolio and customer reviews before hiring a particular mobile app developer.

    ReplyDelete
  19. Get magento ecommerce development india services from the best magento ecomemrce development company who has a team of best magento developers having many years of experience.

    ReplyDelete
  20. Thank you for the providing the platform to share knowledge with each other. Also, if you have any query realted to Esta Price please do visit at esta-official.co.uk

    ReplyDelete
  21. Les autorisations officielles ESTA sont simples et rapides à un prix ESTA abordable. Votre formulaire ESTA pour voyager aux États-Unis est disponible. Partez aux USA avec votre VISA ESTA en main.

    ReplyDelete
  22. Great Post. I can see how much effort you make to write this post. Other than this, if you want to know oil and gas asset integrity then please cenosco.com to know more.

    ReplyDelete
  23. Thanks for sharing the awesome article. Also, if you want to choose the best game companies for your work then I'll strongly suggest you to go for RV Technologies.

    ReplyDelete
  24. Hi,

    Nice Post. Thanks for sharing information about remote code and I appreciate your effort. If you want to buy guest post services at very affordable price.

    ReplyDelete
  25. Thanks for the information. If you want to increase your youtube subscribers you have to visit YTBPALS to have the all the benefits.

    ReplyDelete
  26. This is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. Professional Web design services are provided by W3BMINDS- Website designer in Lucknow.
    Web development Company | Web design company

    ReplyDelete
  27. This comment has been removed by the author.

    ReplyDelete
  28. This comment has been removed by the author.

    ReplyDelete
  29. This comment has been removed by the author.

    ReplyDelete
  30. A very cool article, I am extremely glad that I found it. I am a beginner program and your help really helped me, thank you. Also go to my resource where you can buy instagram likes , the resource is very reliable and works quickly, it delivers likes instantly.

    ReplyDelete
  31. Thanks for sharing this informative blog post!

    There is no doubt that CBD is everywhere! So, It is being widely used as the treatment for the stress and anxiety. So, one can buy cbd oil for anxiety online for living a stress free life.

    But one should check the list of all top CBD oil providers.

    Also check: https://cbdlabscorp.blogspot.com/2019/10/hemp-oil-effective-remedy-for-stress.html

    ReplyDelete
  32. This is a topic that is near to my heart... Cheers! Where are your contact details though?KBC Game Show

    ReplyDelete
  33. I would like to thank you for taking me different world while reading those amazing love shayari in english . I am highly impressed by the content of shayari which is really appreicable.

    ReplyDelete
  34. A motivating discussion is definitely worth comment. I believe that you should write more about this issue, it might not be a taboo matter but typically people don't discuss such subjects. To the next! Best wishes!! kbc official winner

    ReplyDelete
  35. If you are a owner and you have a website then you go for Affordable seo services. That’s can be provide you the ranking and also helps to take the organic traffic from the Google.

    ReplyDelete
  36. Hello, i really feel happy when i read this post and get some knowledge to read this post thanks for sharing.
    proinseo
    professional seo sevices company

    ReplyDelete
  37. Very efficiently written information. It will be beneficial to anybody who utilizes it, including me. Keep up the good work. For sure i will check out more posts. This site seems to get a good amount of visitors. free instagram likes

    ReplyDelete
  38. Thanks for sharing this informative blog post!

    There is no deny that most of the people are suffering from the increasing weight problem.

    For this, they need to look for the safe and effective weight loss treatment which includes proper diet, exercise and treatments like Gastri Ball:

    https://gastriball.com/en/
    https://gastriball.com/ar/
    https://gastriball.com/no/

    ReplyDelete
  39. Great Article. Thank you for sharing! Really an awesome post for every one.

    IEEE Final Year projects Project Centers in Chennai are consistently sought after. Final Year Students Projects take a shot at them to improve their aptitudes, while specialists like the enjoyment in interfering with innovation. For experts, it's an alternate ball game through and through. Smaller than expected IEEE Final Year project centers ground for all fragments of CSE & IT engineers hoping to assemble. Final Year Project Domains for IT It gives you tips and rules that is progressively critical to consider while choosing any final year project point.

    Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Spring Framework Corporate TRaining the authors explore the idea of using Java in Big Data platforms.
    Specifically, Spring Framework provides various tasks are geared around preparing data for further analysis and visualization. Spring Training in Chennai

    ReplyDelete
  40. Everyone prefer to be refreshed after sometime but due to the work load it won't be possible but it can be possible during the work if you opt strawberry flavored e juice for your consuption.

    ReplyDelete
  41. There is an golden opportunity for all indian students to take bba admission in the top international bba colleges. SOIS provide the distance education and training and you'll get a degree after the completion of the course is affiliated and approved from the various international universities.

    ReplyDelete
  42. Online pharmacy UK could help you in getting your prescribed at your doorstep without stepping out from your home! They will provide you the medicine home delivery at any time of the day.

    https://bedford-pharmacy.weebly.com/

    ReplyDelete
  43. Thanks for sharing this informative blog post!

    Are you traveling to a place where chances of flu disease are high then for the safer side you should get the flu vaccinations Uk. Get in touch with the experts.

    ReplyDelete
  44. Thanks for sharing this informative blog post!

    Looking for the best creative retouching service for your brand then you should for the topmost brand retouching companies and hire the one having higher number of the positive reviews.

    ReplyDelete
  45. Nice Information. Thanks for sharing this Post. Are you looking for web design and mobile app development for your company or business please contact Calvin Seng your freelance website designer and mobile app developer in Singapore. Structure your business website and get web hosting FREE.

    Click the below links know more the offers:

    App Development
    Online Marketing SEO Singapore
    Branding Design Singapore
    Web Designer Singapore
    Digital Marketing Agency in Singapore
    Web Developer Singapore
    BaZi Branding Singapore
    新加坡专业网站建设公司
    新加坡网页设计

    ReplyDelete
  46. Great and Informative article, Thanks for sharing this valuable information with us. We are also SEO Company in India providing SEO, SMO, SMM, SEM, PPC, ORM, service worldwide.

    ReplyDelete
  47. This is very and excellent post thanks for share. We provide quick service of Home appliance repair Dubai Abu Dhabi and across UAE.

    ReplyDelete
  48. Thanks for sharing the wonderful information. It means a lot to me. If you're looking for wooden frame sunglasses then riglook is the perfect place for you. Please visit website for more information.

    ReplyDelete
  49. Buy premium sex toys online in India for men & women at the best prices on trykartehai.com discreetly with free shipping & CoD.100% Genuine Products!

    ReplyDelete
  50. I must thank you for the efforts you've put in penning this blog. I am hoping to check out the same high-grade content from you in the future as well. In fact, your creative informative writing abilities has motivated me to get my own website now ;)

    ReplyDelete
  51. This is the perfect website for anybody who hopes to find out about this topic. You know so much its almost hard to argue with you (not that I actually will need to…HaHa).info You certainly put a new spin on a subject that's been written about for years. Excellent stuff, just great!

    ReplyDelete
  52. You need to take part in a contest for one of the greatest websites on the internet. I most certainly will recommend this KBC Official website!

    ReplyDelete
  53. Hello there, I do think your blog could be having internet browser compatibility issues. When I take a look at your blog in Safari, it looks fine however, if opening in Internet Explorer, it's got some overlapping issues. I merely wanted to give you a quick heads up! Apart from that, Jio KBC fantastic site!

    ReplyDelete
  54. Cập nhập tin tức nóng hổi về chính trị, không bị kiểm soát bởi chính trị, tổng hợp tin tức, đồng phục:
    Những món ăn giúp trẻ lâu
    Tôi xin quay lưng với chùa
    áo lớp phản quang

    ReplyDelete
  55. We are one of the best seo company in India. You can contact us for pocket friendly seo services in India.
    123.hp.com

    123.hp.com/setup

    ReplyDelete
  56. visit here for new wireless device setup at 123. hp. com. get setp by setp guidance here.

    san diego seo expert

    seo company in india

    ReplyDelete
  57. You can get information about mywifiext setup here. Our experts will guide you very easy steps so that you can setup your new extender by yourself

    mywifiext

    mywifiext local

    mywifiext.local

    www.mywifiext.local

    ReplyDelete
  58. Do you want the best shayari website that will deliver you the best and latest cute shayari in hindi? If yes, then you should go for the best shayari website i.e. https://shayarikapitara.com

    ReplyDelete
  59. Must go for the best UV Printer Supplier for the best UV Printing Technology. PH UV Printer provide you the best flatbed uv printer at affordable prices in India which will provide you the best printing.

    ReplyDelete
  60. Are you searching for the best digital marketing company in chandigarh? Then why don't you prefer digital expert solution. Yes, it is the best digital marketing company who will provide you the best digital marketing services at affordable prices delivered by the team of professional

    ReplyDelete
  61. Thanks For Sharing, I really happy to find your post, viral your posts on Instagram with free Instagram followers and likes.

    Free Instagram Likes Trial

    Free Instagram Followers

    ReplyDelete
  62. The way you presented the blog is really good. Thanks for sharing with us...
    www.techoli.com

    ReplyDelete
  63. after reading this web site I am very satisfied simply because this site is providing comprehensive knowledge for you to audience.
    Thank you to the perform as well as discuss anything incredibly important in my opinion. We loose time waiting for your next article writing in addition to I beg one to get back to pay a visit to our website in
    AWS training in chennai | AWS training in anna nagar | AWS training in omr | AWS training in porur | AWS training in tambaram | AWS training in velachery

    ReplyDelete
  64. Nice Post thanks for the information, good information & very helpful for others,Thanks for Fantasctic blog and its to much informatic which i never think ..Keep writing and grwoing your self
    love shayari in english

    ReplyDelete
  65. thanks for sharing this informations.
    Selenium Training in Coimbatore

    Software Testing Course in Coimbatore

    python training institute in coimbatore

    data science training in coimbatore

    android training institutes in coimbatore

    ios training in coimbatore

    aws training in coimbatore

    ReplyDelete
  66. Buy the best and affordable uv printer in India from PH UV Printer. The one and only uv printer supplier in India who will provide you the best and premium quality uv printer in India. If you want to know more about it then you can go for the official website of PH UV Printer.

    ReplyDelete
  67. If you really want to become a social worker then you should lean more about the kricpy khera https://krispykhera.com/ which is the best social worker in chandigarh provide help to the various poor people and give them economical and financial help both. If you want to know more about the vision of women empowerment in india then you can find a blog present over the official website of krispy khera.

    ReplyDelete
  68. AllAssignmentHelp is the best website for delivering the accounting assignment help and homework help services. The assignment expert team will help the students in getting good grades and marks with quality and plagiarism free solutions. AllAssignmentHelp is the best place where you can the solve your all academic needs.
    do my accounting homework
    hire assignment expert
    help with my assignment
    assignment helper
    essay writer online

    ReplyDelete
  69. Wow! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also.

    Data Science Course

    ReplyDelete
  70. It is perfect time to make some plans for the future and it is time to be happy. I’ve read this post and if I could I desire to suggest you few interesting things or tips. Perhaps you could write next articles referring to this article. I want to read more things about it!

    Data Science Training

    ReplyDelete
  71. After reading your article I was amazed. I know that you explain it very well. And I hope that other readers will also experience how I feel after reading your article.
    Data Science Certification in Bangalore

    ReplyDelete
  72. Wonderful blog!!! Thanks for sharing this great information with us...

    https://www.acte.in/ielts-coaching-chennai
    https://www.acte.in/german-classes-in-chennai
    https://www.acte.in/gre-coaching-classes-in-chennai
    https://www.acte.in/toefl-coaching-in-chennai
    https://www.acte.in/spoken-english-classes-in-chennai

    ReplyDelete
  73. What is a WPS pin?
    Well, the WPS Pin connects the HP Printer to the wireless network; it is also known as a WiFi protected setup pin. To get this code, you have two options either from the back of the router or you can get from the printer control panel. Firstly you should check beneath your router or at the end of it; if you can’t find it over there, then follow this process- press the home menu on your printer control panel then press the wireless icon. After that click wireless option and then press Wifi protected setup, now click Generate personal identification number, and note down your WPS pin.
    WPS Pin On Printer
    WPS Pin Printer
    what is a WPS Pin

    ReplyDelete
  74. These Assignment Writers who are capable of doing any writing services, and many other writing services such as Dissertation Writing Services, Assignment Help for various subjects such as Engineering Assignment, Statistics for the students across Australia, and also for students across UK, USA, Malaysia and various other countries.

    ReplyDelete
  75. Are you stray in an exploration of the best programming assignment experts whom you can ask to do my programming assignment? Visit Myassignmenthelperonline where you get the assignment help Sydney for all kinds of academic paper writing work either it is programming or literature subject.

    ReplyDelete
  76. When you give an appropriate command to your canon printer for printing the important documents, suddenly your canon printer goes offline. It becomes very difficult situation for you. It will not easy for you to come out from this offline error. When your Canon printer offline becomes annoying, you can apply our troubleshooting steps to come out from this technical glitch. Our printer technicians are highly skilled and experienced to bring back your canon printer from offline to online mode in the correct ways. Our live printer technicians are always dedicated to provide instant printer help for any type of technical problems. For any kind of technical help, you can call at our helpline number to obtain quality assistance.

    ReplyDelete
  77. THE BEST AGENCY SERVING CLIENTS COUNTRYWIDE
    Located in Delhi, Webmarts is a professionally managed digital marketing agency offering a host of demanding services. We offer SEO services, web development, web designing, social media marketing, and more services to clients in different businesses.

    Pay per click packages delhi
    Best PPC company in Delhi
    pay per click packages in Delhi
    Best ppc company Delhi
    Best ppc services in Delhi
    Top rated ppc agency in Delhi

    ReplyDelete
  78. Are you looking for a solution to fix QB update error 1328? Well, we are a team of QuickBooks experts and professionals who can help you fix QuickBooks Error 1328, which occurs due to corrupted file, improper file installation, or malware and virus attacks. We know the importance of QuickBooks, which helps in managing your funds, payroll functions, and bill payments. But the errors 1328 would not let you work smoothly with QB; hence you will need to get rid of this error, which can be done by renaming the config.msi file and adding an extension .old at the back. Another most effective method is to repair the damaged registry file in QuickBooks application. If you find any trouble in following the procedure, then consider contacting our QuickBooks experts.

    ReplyDelete
  79. Place an order for Assignment Help  in Singapore so you can connect with professional writers. Pay a good amount to buy the services of online assignment help even in Singapore.

    ReplyDelete
  80. Hallo, teman-teman semua nya kami dari agen indowins ingin menawarkan berbagai jenis permainan dan bonus. whatshapp : +85587536868
    judi online

    ReplyDelete
  81. I was looking for the latest information about phpMyAdmin 3.x Multiple Remote Code Executions. Thanks for share detail information about its security system. Dissertation Writing Services

    ReplyDelete
  82. McAfee is one of the best and powerful antivirus software, if you’re finding for an antivirus program for your computer system. You can install, and activate McAfee antivirus software at mcafee.com/activate. This antivirus program provides the safe and secure online browsing and safeguards all your important and valuable data. If you get stuck to install McAfee antivirus software, you can take specialized help from our certified antivirus experts.

    ReplyDelete
  83. Online assignment help connects students with professional assignment writers even in the UK. So, place your order for excellent online assignment writing services with trustworthy service providers like us.

    ReplyDelete
  84. In this time Ignou MLIP course is doing by very less students. In this course, Pupils gain their knowledge about library and information science. Students also complete their ignou mlip 02 project for this course. Our team helps the students to complete all types of ignou projects like Ignou mcsp 060 project etc.

    ReplyDelete
  85. E-mail, SMS, voicemail, address book access! (Optional) If you jailbreak your iPhone you can access the real root of your iPhone and recover your address book, SMS, e-mails and more.iexplorer crack

    ReplyDelete
  86. wtfast crack lifetime activation 2020 is the best way for gamers who want to improve the performance speed of your games and reduce the disconnectivity and spikes. WTFAST Crack premium gaming on the web could be a long way from an activity pressed ordeal when the web network is uncalled for and continues losing availability consistently. These slacks in the diversion can be a mood killer and diminish the gaming background. To tackle the issue with ping availability, the group at WTFast, built up a product device that can support flag quality and successfully increment speeds by 70%. Brought into reality in 2009 by a group of alluring gamers and programming designers, the WTFast cracked went ahead to wind up plainly one of the pioneers in diversion bolster. They created progressed online increasing speed programming that improved the gaming knowledge and took it to a totally new level. Their administration is refreshing over the world for its dependability.

    ReplyDelete
  87. Extraordinary blog went amazed with the content that they have developed in a very descriptive manner. This type of content surely ensures the participants to explore themselves. Hope you deliver the same near the future as well. Gratitude to the blogger for the efforts.

    360DigiTMG Cloud Computing Course

    ReplyDelete
  88. This is the best post I have ever seen. Very clear and simple. Mid-portion Is quite interesting though. Keep doing this. I will visit your site again.
    rebel without a cause jacket

    ReplyDelete
  89. Suddenlink Communications provides free webmail services and WiFi services to all its clients. If you are looking for the correct procedure to access the suddenlink email login in order to manage your account, you are on the best site. This quick blog will take you through the login steps and you will also learn how to reset your forgotten password or username.

    ReplyDelete
  90. Use Assignment Help services if you don’t find anything to compose your academic paper or homework. Sometimes, you can’t concentrate on your studies because of being busy with many activities and find hard to write your assignment. So, take the online help of experts and find some more hands for drafting the documents. When you don’t find sufficient time for managing the different activities of assignment writing, then you have to make the right option. This is the best option to finish your papers without any tension.
    Online Assignment
    help with my assignment

    ReplyDelete
  91. Daily Tactics Guru is one of the fast-growing blogging platforms, where you will get opinions and information regarding various significant aspects of the progressive world. Daily Tactics Guru accepts all niche content like Business, Current affairs, Economy, Lifestyle Food, technology as well.

    ReplyDelete
  92. Can’t transfer money from Paypal to Cash app because of icon glitch?
    There can be times when you might have trouble with the issue while you are sending money from paypal to cash app because of icon glitch. To resolve this issue, you can try rebooting the device or o visit some tech help site for assistance. You can also dial the help number to get assistance too.

    ReplyDelete
  93. Can Cash app customer service explain quite far?

    Here, you can see quite far which is depicted more or less. There is two spending limit, one is for the non-checked customer and other is for affirmed customers. If you are a non-checked customer, by then, you can consume $250 dollar in any 7-days time range and get up to $1000 in any 30-days term. To know more, contact Cash app customer service.

    ReplyDelete
  94. Nursing assignment help connects you with professional academic writers and solves all queries without taking your much time. Submit your nursing papers on time using the services of online assignment help.

    ReplyDelete
  95. Free ig followers for business can give you a fantastic approach opportunity through which you can gain insights and make your online visibility stronger.

    ReplyDelete
  96. This is a good code to deploy multiple websites at once which very efficient for website designers malaysia handling multiple websites at one time!

    ReplyDelete
  97. Great blog, thanks for sharing with us. Ogen Infosystem is a leading web designing service provider in Delhi, India.
    Website Designing Company in India

    ReplyDelete
  98. If you are the one looking for the sofa polishing in Noida then, you are at the right place. Your search for the sofa polishing ends here. MMK Sofa Repairs is currently one of the best firms providing the best sofa polishing in Noida sectors..

    sofa manufacturer in Noida
    sofa set repairs in Noida
    sofa repair in greater Noida
    sofa repair near me
    sofa repair in Noida
    sofa polishing in Noida
    Sofa dry cleaner in Noida
    sofa repair shop near me
    sofa repair shop in Noida
    sofa set manufacturer in Noida

    ReplyDelete
  99. Very interesting blog. Many blogs I see these days do not really provide anything that attracts others, but believe me the way you interact is literally awesome.You can also check my articles as well.

    Security Guard License
    Ontario Security License
    Security License Ontario
    Security License

    Thank you..

    ReplyDelete
  100. How make transaction from Apple Pay to Cash App?
    To make a transaction from Apple Pay to Cash App, you need to add Apple pay with your Cash app Card. For this, you have to sit on the Visa debit card from this application point of arrival. If you fronting any issue to make a transaction, then you need to check your internet connection, or you can contact us.

    ReplyDelete
  101. Webmarts can help in promoting your website globally and target customers located at diversified locations. With us you can get a perfect online marketing plan designed by us. Also you can get the plan customized aiming to drive your business in the right direction.


    Pay per click packages delhi
    Best ppc company Delhi
    Best PPC company in Delhi
    pay per click packages in Delhi
    Best ppc services in Delhi
    Top rated ppc agency in Delhi

    ReplyDelete
  102. Scholars need to connect with effective online assignment writing for do my assignment query. For that, visit website of online service providers and check their reliability before placing your order for any subject. Well if you get time you must read more
    do my assignment for me
    pay someone to do assignment

    ReplyDelete
  103. Nice work is done by admin here. So thank you very much for sharing this.
    Debut Video Capture Crack

    ReplyDelete
  104. Assignment writing help
    Dissertation help
    Assignment assistance

    We help you to stay at the top of the class with assignment writing help. The reason we have been the go to place for dissertation help is our pool of finest writing experts for all academic assignments. Our assignment assistance has great writing skills and runs a comprehensive assignment check to provide you with a custom online assignment. Our writers are best academic experts.

    ReplyDelete
  105. Thanks for sharing such valuable information which is very hard to find normally. I have subscribed to your website and will be promoting it to my friends and other people as well. I would like to share a info about the online assignment service. Students who are facing challenges in trying to write an own assignment can hire a writer from helpinhomework.org. When you can’t understand what to write and how to frame all information in the right format, you must think about assignment help services. Under this platform, you will get complete papers even if you find it tough to solve your questions. So, place your order for the online help of subject matter experts if you don’t compose your papers.

    ReplyDelete
  106. Get ready to boost your business with a strong online presence. Hire India’s most trusted online website development company and get instant quotes. 100% Customer Satisfaction. 1000+ Dynamic Website Designs with built-in SEO. Mobile friendly. Top-notch technology. 24*7 Technical support and much more. Reach us now!

    ReplyDelete
  107. Learning is a hard process if not handled with proper tools. We offer Test Banks and Solution Manuals for the most popular textbooks including Essentials Of Anatomy And Physiology 7th Edition Test Bank. View today!

    ReplyDelete
  108. Failed to get Cash App Dispute due to login error? Call customer care for support.
    You might fail to secure a Cash App Dispute due to a login error. If that’s the case, then you can use the assistance that is presented by the tech consultancies or you can watch Youube videos on tech support and use their techniques to resolve the matter.

    ReplyDelete
  109. This comment has been removed by the author.

    ReplyDelete
  110. youtube Video Download is one of the greatest tools free online for convert videos of Facebook to mp4 (video) or mp3 (audio) formats and downloads them for free

    ReplyDelete
  111. This is really amazing, you are very skilled blogger. Visit Ogen Infosystem for professional website designing and SEO Services.
    SEO Service in Delhi

    ReplyDelete
  112. The blog written is extremely impressive, with a great topic. However, a bit more research could have strengthened it even further. You can explore the services as offered by livewebtutors.com, a premium academic writing services platform offering the best of assignment help teamed with knowledge and experience

    ReplyDelete
  113. Did you know that you can easily view the contents of your phone on your TV without a cable? With a screen mirror app you can easily do the screen mirroring from Android to TV. Check out www.screenmirroring.me to find out more.

    ReplyDelete
  114. your business needs to hire a qualified website design company texas if you want to leverage the most success for your future. So, how do you pick the right fit for your business?

    ReplyDelete

  115. Amazing Article,Really useful information to all So, I hope you will share more information to be check and share here.thanks for sharing .
    website: Vietnam Tour Packages

    ReplyDelete
  116. I’d like to thank you for the efforts you’ve put in penning this site. I really hope to check out the same high-grade blog posts from you in the future as well. In truth, your creative writing abilities has inspired me to get my very own blog now ;)
    https://www.hightime420.shop/

    ReplyDelete
  117. KYBELLA BOSTON MA
    Enjoy a slimmer, smoother, more attractive chin and neck area when you choose Kybella.

    ReplyDelete
  118. The article is very nice, “thank” you for sharing it!?
    https://incracked.com/idm-with-crack/

    ReplyDelete
  119. It is important to Choose It But We've got Worked On Poweriso And Give you This Software Extensive Edition Totally free One can Download this Software From Granted Website link. Audio CD Ripping Is Easy With this particular Software. Might possibly You like To Download NjRat. Some Of the Peoples Like One Click on Download Hyperlink So, Now we have Additional One Simply click Download Crack. This Software Obtaining the Number One ISO Management SOFTWARE. https://freeprosoftz.com/power-iso-pro-full-crack-latest-version/

    ReplyDelete
  120. Find instant solutions for thousands of college homework questions like: a system that does no work but which transfers heat to the surroundings has only on ScholarOn, the best academic assistance available online.

    ReplyDelete
  121. Perdisco Assignment Help At Very Low Price.
    STUCK WITH YOUR ASSIGNMENTS.
    We are best in providing Perdisco Assignment Help Service in Australia. All the assignments are written by experts and professional writers. Our writers have experienced in each and every subject. Our experts can write your assignments on every subject.
    MYOB PERDISCO ASSIGNMENT HELP SERVICE ARE AVAILABLE 24*7.
    We Provide Assignment Help prepared by experts in well-formatted and unique content.
    AFFORDABLE PRICE. 100% PLAGARISM FREE CONTENT AND 0% DELAY.
    24/7 Quick Respond Team

    ReplyDelete
  122. Our the purpose is to share the reviews about the latest Jackets,Coats and Vests also share the related Movies,Gaming, Casual,Faux Leather and Leather materials available Yellowstone Rip Wheeler Jacket

    ReplyDelete
  123. academic writing
    Need Academic Assignment Help online? Get help from expert writers for Top Quality and Plagiarism free work. 24x7 Live Help. Order Now! an Academic Assignment Help Service To Up Your Level Of Academic Achievements academic writing Help

    ReplyDelete
  124. Acadecraft takes pride in being one of the leading online learning solution providers to provide top-notch services to every user. Regardless of the industry in which the users belong, Acadecraft has the right set of solutions for them. When you are at Acadecraft, you can be a hundred percent sure of getting the precise Learning Solutions provider that you are looking forward to.

    ReplyDelete
  125. So this is going to help the Digital Marketing industry to expand worldwide their online market everywhere without having any shops in a particular place. data science course syllabus

    ReplyDelete
  126. I’m extremely impressed along with your writing skills as smartly as with the structure to your weblog.
    Is that this a paid subject matter or did you modify it your self?
    Anyway stay up the excellent quality writing, it’s rare to peer a nice weblog like this one nowadays.

    cleanmymac crack

    ReplyDelete
  127. I’m a technical geek with opulent year of experience in the Garmin. If you are looking to get the guidance for Garmin GPS update, you should approach me. I’ll surely provide you with the optimum assistance regarding the same. Apart from that, you can also get the right approach to complete the update of Garmin GPS map. I will suggest all the necessary instructions and steps via which you can easily update your GPS map. Moreover, I also suggest some tips to keep your Garmin device up and running in a flawless manner.

    ReplyDelete
  128. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. This article inspired me to read more. keep it up.
    Best Data Science Institute In Hyderabad

    ReplyDelete
  129. Thanks for sharing this post.!!

    Is blocking someone on Facebook impression on-page part?

    To make an impression on a page part, you are needed to sign in to your Facebook account and then navigate the business page. If you are blocking someone on Facebook, then you failed to do it. Actually, you have to tap on the compose something tab and then sort the message what you want to convey to your page part.

    ReplyDelete
  130. Thanks for sharing this great article. Hi, I am John Smith, I am working as a technical manager at email support. I have 3 years of experience in this field. If you have any problems related to the Reset mac.com email login password, then please contact for instant help related to email problems.

    ReplyDelete
  131. MkvPoker Adalah Situs Judi Poker Terbaik Dengan Taruhan Uang Asli Yang Menjaminkan Kemenangan Yang Tinggi

    Wa : +855 9637 31855

    ReplyDelete
  132. Thank you providing important information
    Writemyassignmentus.com is the most professional and genuine online assignment service provider where you can get top-quality HRM Assignment Help. The key features of this website are on-time delivery of the solution, 24*7 customer support, plagiarism-free content, affordable or pocket-friendly prices, impeccable quality solution, and many more. Hire an expert now and feel the difference.

    ReplyDelete
  133. Hi, I'm Riya Sharma and working with Jaipur Escorts. We are 5-6 friends and travel together in all over India. Neha is only friend who live in Mumbai who work for Mumbai Escorts and remaining birds enjoy being part of Jaipur Escorts as mentioned before.

    ReplyDelete
  134. LIVE GAME IDN merupakan permainan casino yang disajikan secara langsung kepada kalian para pecinta judi online, permainan LIVE GAME tentunya ada tata dan cara bermainnya, kalian bisa mengunjungi situs Cara Bermain Live Game IDN LIVE untuk mengetahui cara bermain yang benar di permainan Live Game IDN, termasuk 3D SHIO, ROULETTE. SICBO, BACCARAT

    ReplyDelete
  135. I am professionals developer over 10 years of experience. Right now i am working with CFS for app developing, this company has expertise in providing Textbook solutions manual and Q and A answer, assignment writing help.

    ReplyDelete
  136. SQL Update構文でデータベーステーブルを更新する方法

    ReplyDelete
  137. Nice blog! Such an amazing and helpful post this is. I really really love it. It's so good and so awesome. I am just amazed. I hope that you continue to do your work like this in the future also.
    Essay Help

    ReplyDelete
  138. Play premier league fantasy cricket on India's no.1 App and get a chance to win up to 50 lakhs in every match. Download the app now!

    ReplyDelete
  139. When it comes to your career prospects and bright future, Assignment Help takes the onus on itself to promote your growth in the right direction. So, that way you wouldn’t have to think twice before trusting us with your academic papers. Place an order with us now and reap the rewards of brilliantly written academic papers today. Assignment help, one of the leading academic solution providers in Australia, understands the challenges and extends a helping hand to the aspiring engineers who are willing to land a job in Australia.
    Sydney Assignment Help

    ReplyDelete
  140. assignment help
    There are many assignment Help service providers out there in the market but are those service providers Australian based companies? Probably not, My Assignment Help has been operating in the market for last 10 years now and we are proud to say that we have helped over thousands of students with their essays, case studies assignment help

    ReplyDelete
  141. Your blogs are great. Are you also searching for nursing capstone writing project? we are the best solution for you. We are best known for delivering quality nursing capstone writing services to students without having to break the bank

    ReplyDelete
  142. Good blog. Keep sharing. I love them Are you also searching for Cheap assignment writers? we are the best solution for you. We are best known for delivering nursing writing services to students without having to break the bank

    ReplyDelete
  143. Dear,,,     (1.) My website (All the Best Images) is of all types of images, photos, wallpapers. In this, you will get all kinds of wishes, which you can download and send to friends and relatives.    All The Best Images   
     
      (2.) and another website (All Image Shayari) which will get all types of shayari, Sad Shayari, Dosti Shayari, Love Shayari, etc. You can download and send it to your friends, girlfriend or loved ones or whoever you want to send.  All Image Shayari           Sir,              You are requested to kindly give DO-FOLLOW Backlink to my website '
                                 Thank you. ...

    ReplyDelete
  144. This post is quite informative. I love it. Are you also searching for NursingWriting help we are the best solution for you. We are best known for delivering the best services to students without having to break the bank

    ReplyDelete
  145. Thanks For Sharing The Information The Information Shared Is Very Valuable Please Keep Updating Us Time Just Went On Reading The article
    by cloudi5 is the Web Design Company in Coimbatore

    ReplyDelete
  146. Cognex is the AWS Training in Chennai. Cognex offer online and offline courses according to the students requriments.

    ReplyDelete
  147. TestBanksOnline is the best website to Buy Test Banks Online. Great study materials like Solution Manual For Microeconomics An Intuitive Approach With Calculus 2nd Edition are available with instant download and best discounts. Search 4000+ test banks and solution manuals online.

    ReplyDelete
  148. I just loved your article on the beginners guide to starting a blog.If somebody take this blog article seriously
    in their life, he/she can earn his living by doing blogging.Thank you for this article.
    tibco sportfire online training

    ReplyDelete
  149. Nice content thanks for sharing with Us. If you are facing from Canon Printer Offline Error, then Fix Canon printer offline error you have to place a single call at Canon customer Support Phone Number to resolve this issue.

    ReplyDelete
  150. Nice content thanks for sharing with Us. Are you looking for Brother printer install? If you want to connect your computer or system, you’ve come to the right place! How to install brother printer This article will show you how to make it quickly and easily!

    ReplyDelete