Author Topic: How do get thousands of credit card data? From database!  (Read 2612 times)

0 Members and 1 Guest are viewing this topic.

September 27, 2009, 05:42:21 pm
Read 2612 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335

“Our international money transfer service provides a simple, secure and fast method to transfer funds to and from the UK for both personal and business needs. Online FX international money transfers are a highly convenient, secure and cost effective way to transfer money to bank accounts in over 70 countries worldwide. ” we read on the site. Simple and fast, perhaps, but certainly not secure.As a parameter bad secured provides access to entire database.Because we have a MSSQL database operated by sqli blind method, the error does not appear on the page. I used the tool Pangolin to show you the vulnerability.
In the first picture we have all the information about the server.What is very serious, behind SQLI, we have access on the server runs (highlighted in red on print screen). I mean we can walk in the server,as in our computer.
Ruining the bad guy's day