Note: This post is for educational purposes only.
Requirements
1. Havij 1.16 Pro
3. SQLi-DB
4. Carding Dorks
5. Vulnerable Sites
Let’s divide this tutorial into two parts: first, finding vulnerable sites, and second, getting data from these sites.
Pt1. How To Find Vulnerable Sites?
First we are going to find shopping sites, I mean vulnerable sites. To find vulnerable sites, you need to use SQLi-DB and the carding dorks. Let’s do it step by step.
Step 1. Copy one of the dorks (I am using inurl:/merchandise/index.php?cat=) and paste it into SQLi-DB.
Step 2. Set up the settings and click on the “scan” button. These are not advanced settings; you simply choose the search engine and whether duplicate results should be removed. Set them yourself.
Step 3. Once you have set it all, start scanning; the results are then listed.
Step 4. Click on Vulnerable to filter the results and show only the vulnerable ones. Bingo! You have completed your first task.
Getting Data From Vulnerable Site:
Now, you need to run Havij as administrator and follow the steps below.
Step 1. Paste the vulnerable site in the target TextBox on Havij and click Analyze.
Step 2. Once the process has finished, you will see the result in your Havij log box.
Step 3. Click on Tables then Get Tables and you will see all the tables that are in the database.
Step 4. Now, look for a table named “Orders” or something similar. Tick the table and click on Get Columns.
Step 5. You will get the columns that are in the table “Orders”. Now tick the columns related to credit card information, such as cc_number, cc_type, cc_expired_year, cc_expired_month, and cvv or cvv2. Once you’re done, click on Get Data.
Step 6. Just wait for the dumping progress and you will get the information.
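Seen from the defending side, everything above depends on a request value such as cat= being pasted into the SQL text; the added example below (not part of the original post) shows that weak form beside a hardened one that validates the value and binds it as a parameter. The table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample catalogue; table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, cat_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO products (cat_id, name) VALUES (?, ?)",
                   [(1, "mug"), (1, "cap"), (2, "poster"), (99, "unlisted item")])
    return db

def list_by_cat_unsafe(db, cat):
    # Weak form: the request value is pasted into the SQL text, so its
    # content is parsed as SQL instead of being compared as a value.
    sql = "SELECT name FROM products WHERE cat_id = " + cat + " ORDER BY id"
    return [r[0] for r in db.execute(sql)]

def list_by_cat_safe(db, cat):
    # Hardened form, layer 1: accept only a short ASCII decimal id.
    if not (cat.isascii() and cat.isdigit() and len(cat) <= 9):
        raise ValueError("cat must be a numeric id")
    # Layer 2: bind the value; the driver never parses it as SQL.
    rows = db.execute(
        "SELECT name FROM products WHERE cat_id = ? ORDER BY id", (int(cat),))
    return [r[0] for r in rows]

def rejected(db, cat):
    # True when the hardened handler refuses the value outright.
    try:
        list_by_cat_safe(db, cat)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    probe = "1 OR 1=1"  # constructed non-numeric input
    print("unsafe:", list_by_cat_unsafe(db, probe))  # every row comes back
    print("safe:  ", list_by_cat_safe(db, "1"), "probe rejected:", rejected(db, probe))
```

A database account limited to the catalogue tables further narrows what a missed injection point can reach, since the table and column listing in Steps 3 to 5 runs with whatever rights the application's account holds.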