Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on September 27, 2009, 05:42:21 pm

Title: How do get thousands of credit card data? From database!
Post by: SysAdMini on September 27, 2009, 05:42:21 pm

“Our international money transfer service provides a simple, secure and fast method to transfer funds to and from the UK for both personal and business needs. Online FX international money transfers are a highly convenient, secure and cost effective way to transfer money to bank accounts in over 70 countries worldwide. ” we read on the site. Simple and fast, perhaps, but certainly not secure.As a parameter bad secured provides access to entire database.Because we have a MSSQL database operated by sqli blind method, the error does not appear on the page. I used the tool Pangolin to show you the vulnerability.
In the first picture we have all the information about the server.What is very serious, behind SQLI, we have access on the server runs (highlighted in red on print screen). I mean we can walk in the server,as in our computer.