Note: This post is for educational purposes only.
Requirements
1. Havij 1.16 Pro
3. SQLi-DB
4. Carding Dorks
5. Vulnerable Sites
Let’s divide this tutorial into two parts: first, finding vulnerable sites, and second, getting data from these sites.
How To Find Vulnerable Sites?
First we are going to find shopping sites, meaning vulnerable sites. To find vulnerable sites, you need to use SQLi-DB and the carding dorks. Let’s do it step by step.
Step 1. Copy one of the dorks (I am using inurl:/merchandise/index.php?cat=) and paste it into SQLi-DB.
Step 2. Set up the settings and click on the “scan” button. These are not advanced settings: you simply choose the search engine and whether duplicate results should be removed. Set them yourself.
Step 3. Once everything is set, start scanning. The results are shown in a list.
Step 4. Click on Vulnerable to filter the results and show only the vulnerable ones. Bingo! Boom, you completed your first task.
Getting Data From Vulnerable Site:
Now, you need to run Havij as administrator and follow the steps below.
Step 1. Paste the vulnerable site in the target TextBox on Havij and click Analyze.
Step 2. Once the process has finished, the result appears in the Havij log box.
Step 3. Click on Tables then Get Tables and you will see all the tables that are in the database.
Step 4. Now, look for a table named “Orders” or something similar. Tick the table and click on Get Columns.
Step 5. You will get the columns that are in the table “Orders”. Now tick anything related to credit card information, such as cc_number, cc_type, cc_expired_year, cc_expired_month, and cvv or cvv2. Once you’re done, click on Get Data.
Step 6. Just wait for the dumping progress and you will get the information.
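Why the steps above work, and the fix on the site's side: the `cat` value in a URL like `index.php?cat=` is pasted straight into a SQL statement. This is an added example, not code from the original post; Python's `sqlite3` stands in for the shop's PHP/database stack, and the table, data and function names are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed sample catalogue (in-memory), not data from any real site."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        INSERT INTO products (cat, name)
        VALUES (1, 'mug'), (1, 'cap'), (2, 'poster');
    """)
    return db


def products_vulnerable(db, cat):
    # The flaw: the raw request value becomes part of the SQL text, so the
    # client, not the developer, decides what statement the database runs.
    return db.execute("SELECT name FROM products WHERE cat = " + cat).fetchall()


def products_hardened(db, cat):
    # 1. Allow-list validation: a category id is a short run of ASCII digits.
    if not (cat.isascii() and cat.isdigit() and len(cat) <= 9):
        raise ValueError("invalid category id")
    # 2. Bound parameter: the value is sent separately from the SQL text and
    #    can never be parsed as SQL, even if validation were bypassed.
    return db.execute(
        "SELECT name FROM products WHERE cat = ?", (int(cat),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed input that changes the WHERE clause
    print("vulnerable, cat=1:     ", products_vulnerable(db, "1"))
    print("vulnerable, tampered:  ", products_vulnerable(db, tampered))
    print("hardened,   cat=1:     ", products_hardened(db, "1"))
    try:
        products_hardened(db, tampered)
    except ValueError as exc:
        print("hardened,   tampered:  rejected:", exc)
```

The impact of the dump in Steps 4 to 6 also depends on design choices outside the query: a catalogue page's database account should not be able to read the orders table, and PCI DSS prohibits storing CVV/CVV2 values after authorization at all.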