Friday, 5 June 2015

How to hack VP-ASP Shopping websites and get all the Database details

Hello friends, today we are going to learn how to hack the VP-ASP cart of a shopping website and download all of its database details, such as customer details, credit card details, product details, etc.

So, some basic ideas before starting the tutorial:

What are we going to do here?

First we will hack a shopadmin website, then we will download the database file, which will be in the form of *.mdb. This database file contains all the client details, such as credit card information and also login names and passwords.

How to do this?

Note: This tutorial was tested on "VP-ASP Shopping Cart Version:5.00"

Step 1: The first thing to do is to find VP-ASP 5.00 sites. To do this, go to Google.com and type "VP-ASP Shopping Cart 5.00" (without quotes). See the image for reference.




Step 2: In this tutorial, we are going to target www.surfstats.com. You can also select your own website that has "shopdisplaycategories.asp" or "shopadmin.asp" at the end of the URL. Since SURFSTATS has "shopdisplaycategories.asp" at the end of the URL, we will target this.

Now let's go to the exploit.

The exploit is: diag_dbtest.asp


Step 3: A page will appear containing xDatabase, xDBLocation, xEmail, etc. See the image below.


Step 4: The most important thing here is "xDatabase". Depending on the website, the xDatabase name will vary; for some websites it will be "shopping140", "shopping500" or "shopping550".

For us, xDatabase=shopping500

So what we have to do is just add the xDatabase name to the URL along with the extension *.mdb, i.e.
"http://www.surfstats.com/eCommerce/vpasp/shopping500.mdb", and press ENTER. It will download the database file to your local machine.

If the database file does not get downloaded, then give the database location (xDBLocation) before the shopping*.mdb part of the URL, for example: "http://www.victim.com/[Dblocation]/shopping500.mdb"

Step 5: Download the *.mdb file; you should be able to open it with any mdb file viewer, such as Microsoft Office Access.

Inside the file you will be able to find credit card details. If you are lucky enough, you may also get details such as the usernames and passwords of customers.

Step 6: The admin login page is usually located here: http://www.victim.com/*/shopadmin.asp, for us it's:

If you are not able to find the admin username and password in the *.mdb file, or if they are incorrect, then try to find the admin login page and enter the default passwords, like:

Username : admin   
Password : admin

Username : vpasp    
Password : vpasp
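
From the defender's side, the requests in steps 3 to 6 leave a recognisable trail in the web server log. The following is an added example, not part of the original post: a Python scan of IIS W3C logs for those requests. The log lines, the `/shop/` path and the rule names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed IIS W3C log excerpt (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2015-06-05 10:01:02 198.51.100.7 GET /shop/shopdisplaycategories.asp 200
2015-06-05 10:01:09 203.0.113.9 GET /shop/diag_dbtest.asp 200
2015-06-05 10:01:30 203.0.113.9 GET /shop/shopping500.mdb 200
2015-06-05 10:02:11 203.0.113.9 POST /shop/shopadmin.asp 200
2015-06-05 10:05:40 192.0.2.44 GET /shop/Shopping550.MDB 404
"""

def served(status):
    return 200 <= status < 300   # the server actually returned the content

RULES = [  # (rule name, URI pattern, predicate on method and status)
    ("diag-page-exposed", re.compile(r"/diag_dbtest\.asp$", re.I), lambda m, s: served(s)),
    ("mdb-downloaded", re.compile(r"\.mdb$", re.I), lambda m, s: served(s)),
    ("mdb-probe", re.compile(r"\.mdb$", re.I), lambda m, s: not served(s)),
    ("admin-login-post", re.compile(r"/shopadmin\.asp$", re.I), lambda m, s: m == "POST"),
]

def scan(log_text):
    """Return {client_ip: [(rule, uri), ...]} for log lines matching RULES."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            status = int(row["sc-status"])
            method, uri, ip = row["cs-method"], row["cs-uri-stem"], row["c-ip"]
        except (KeyError, ValueError):
            continue                    # malformed line or missing columns
        for name, pattern, pred in RULES:
            if pattern.search(uri) and pred(method, status):
                hits[ip].append((name, uri))
    return dict(hits)

def escalations(hits):
    """Client IPs with a served .mdb file: handle as a confirmed data exposure."""
    return sorted(ip for ip, h in hits.items() if any(r == "mdb-downloaded" for r, _ in h))

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, h in found.items():
        print(ip, h)
    print("exposure confirmed for:", escalations(found))
```

A `mdb-downloaded` hit means the database left the server. Removing diag_dbtest.asp from production, keeping the .mdb file outside the web root (or blocking the extension with IIS request filtering) and changing the default admin credentials close the paths the steps above rely on.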



Hope you all like the tutorial and help us spread knowledge, because it's FREE. Share it!!

For any queries, comment below.

Note: Hacking websites is an illegal act. This is only an informational post and I am not responsible for any actions done to you after reading this tutorial. This post is for educational purposes only.

4 comments:

  1. You're on point, nice piece of article... well done

  2. My man, every time I follow your advice it's not working, can you help me? Thank you

  3. Thanks for the information, I will pass it on to the owner to see how we can prevent this from happening to us

  4. The number on the credit card appears to be 1111111111, how can the actual number be retrieved?
