This guide should be used purely for knowlage, and not used for exploiting or hacking in any shape or form
SHOPADMINS ARE OF DIFFERENT COMPANIES LIKE : VP-ASP , X CART .. ETC ETC. I'M POSTING THIS TUTORIAL ON HACKING VP-ASP SHOPADMINS.
Have you ever went to purchase something on the internet and you needed to enter your credit card information? I'm sure you have. Whether it had been porn, an Ipod, a laptop or anything. Below I'm posting how to hack into the database that holds this information from past customers. If the version of ASP shopadmin is correct, you can eaisly hack into it and steal credit card information, secret company/client information. Please note that huge shops like Amazon, etc use different software and aren't stupid enough to have their shopadmins exploited so easily.
The type of shopadmin you will be looking for is VP-ASP Shopping Cart Version 5.00
Now, how do you find these? Well, I'm sure you've been told Google is your friend plenty of times, and it's extremely useful in this scenario.
Go to Google.com and type this;
intitle: VP-ASP Shopping Cart 5.00
You will find many websites with VP-ASP 5.00 cart software installed. Just pick a random one, on a random page. Remember that alot of these would of already been exploited, so try one on like page 1000 . Now you need to exploit it!
The page will look like this...> ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is : diag_dbtest.asp
So do this>
A page will come up that shows:
shopping140 (140 being the number of products in the shop which is helpful to know if you're hacking a big website)
xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber (Example)
The most important thing here is atabase
Ok now the URL will be like this:
continue 04/02/2007 22:53
If you didn't /can't download the database, try this while there is dblocation.
Now the URL will be this...
If you see an error message, try this.
Download the mdb file and you should be able to open it with any mdb file viewer. Find one at download.com or use MS Office or whatever.
Now you are inside the shop, look for credit card information and usually the shopadmin username and password.
The admin login page is usually located here..
If you can't find the MDB or the shopadmin login, try all the default passwords, seriously, some people ARE this stupid.
I hope you enjoyed the guide.