Use for hacked admins with no valuable data

[diego220]

Ok you will need

1 fresh email address
1 hacked shop admin
1 drop address
1 socks

ok when a customer places an order on a website, sometimes the admin can access the delivery address and payment details. This is what we are trying to modify.

1. First find a customer order which has been paid for but not shipped and replace his email with your fresh account.

2. Then replace the delivery address with your drop address.

3. Next wait for the delivery.

This works i used it.

 

[darkos]

hacked shop admin i need or an sql exploit for chop sit

 

[bcre8tiv]

Good thinking

 

[diego220]

you don't even need full access, just find an injection eumerate the orders table and then use 'insert into' then modify what u need.

 

[paco]

this is greatest idea since i first hear about sql hacking
very well done

 

[diego220]

insert into orders(shippingaddress,shippingpostcode,email) Values("drop address","postcode","youremail") where id = 123

in theory. Some shops allow you to do that from the admins

 

[w4l3xzy3]

nice....i need an sql injection tool

 

[diego220]

No you dnt need injection tool u jus need to learn sql injection. manual methods are better and easier to use.

 

[scori]

yes! manual sql injections Its what i love mate, thats what i do =)

 

[thesultan]

Thats a really good idea.

 

[little07x]

you can try Havij for SQL ... you can find it on google

 

[diego220]

Sometimes auto tools miss things. i like to use a web vuln scanner and manual then havij to dump the db.

 

[diego220]

If anyone has a list of admins where i can change delivery address, i would be interested in working with them. so pm me if interested

 

[paco]

del