Log Out Settings My Profile Notifications Welcome, praveenjayakar Carding Forum - Carding - Credit Cards - Dumps - Tracks - Laptops Shipping - Bank Accounts - Western Union Transfer - Powered by vBulletin Need to buy anything contact Admin : Car.ding@yahoo and ICQ 636904476 Carding Mafia Official Domains: DarkSpot.info - TheCarding Whats New? Articles Forum New PostsPrivate MessagesFAQCalendarCommunity Forum Actions Quick Links Blogs Be my partner Western Union Transfer Electronics Shipment Submit Advanced Search HomeForumPublic Carding ZonePublic Carding Tutorials Getting Private CCs Through SQL Injection + Reply to Thread Results 1 to 8 of 8 Like Tree5Likes Thread: Getting Private CCs Through SQL Injection LinkBack Thread Tools Search Thread Advanced Search Rate This Thread Display 09-03-2013, 04:59 PM #1 Sizzlin.Carder Sizzlin.Carder is offline Banned Sizzlin.Carders Avatar Join Date Aug 2013 Location Jeddah Posts 30 New2 Getting Private CCs Through SQL Injection Hey all, this is my very first tutorial, so bear with me and please REP and THANK if you enjoy and/or if it helps ypu. This is my method for getting fresh CC info, sent directly to an inbox of your choosing! First, you need to find yourself a vulnerable shop. Wont go into too many details here, this should be pretty drilled into your head by now. You can do this with Google Dorks manually, or use tools like WebCruiser, SQLi poison, etc. What your looking for is a shop with both SQLi vulnerabilities, and XSS vulnerabilities. First, as you may have noticed on most databases containing CC info, its encrypted, MD5, FPE, whatever it is its not feasible to work with that. However, one thing you can work with is the current and former customers e-mail addresses. Go ahead and rip the whole table with the customer information. If youre lucky, youll get at least 10,000 e-mail addresses or more. Next, you need to work with the XSS vulnerability. Ive noticed the most common being POST vulnerability, so Ill go that route, but you can incorporate it with FORM or whatever. You can use the following code to make a redirect.html or whatever you wish to name it. This page will load the vulnerable website immediately, with one exception, a giant IFRAME over it which of course is going to be another page you make. PHP Code: function submitPostLink() :zin:{ document.postlink.submit(); } Go ahead and goto the checkout page for the site youre working with, and save the page to your hard drive, including all the subdirectory files and images (firefox does this auto). Now, you need to edit the main file you just saved. Search for action=, and change the page following it to your third page you will make, which will be the PHP mail form that will send your e-mail all the information someone fills in the form. The code will look something like.... PHP Code:
Posted on: Mon, 12 Jan 2015 10:24:13 +0000
Recently Viewed Topics
© 2015