So, basically i got sql injection on a website where you can buy tickets for concerts, night clubs.. and i got able to dump organizers and employees accounts, along with passwords(not all), looking at the organizers profiles i can see the amount of money they earned and are about to be transfered to their bank account which is set on their profile as IBAN, and i can change that information, so basically i tought changing the iban but i i'd need a private iban or an iban with a different name, and with money i'd buy monero and then send it to various wallets to be ended in my bank account, anyone have any idea on how do i get a private iban? i tought of using some stolen id to open an account on wise.com but i don't trust it much.
Runion
This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Cashout from website (have sql-inj)
- Thread starter Subway
- Start date
Пожалуйста, обратите внимание, что пользователь заблокирован
If you asking this question them maybe just maybe you have not thought out this line of work ??
This access is gold in the correct hands and MUCH MUCH more than 20k can be cashed here it really can be
"Dont look in the box think outside it "
Пожалуйста, обратите внимание, что пользователь заблокирован
you never heard of cleaning the coins
There many many ways of doing this with varying degrees of "cleanliness " lets say ....
1 possible way .......
Send ETH to tornado (yes still up on IPFS) withdraw at different time frames into newly made wallet(S) then send to fixedfloat to get it into BTC
BTC> from use (use coinjoin,lighting swaps, then into a mixer> BTC
Then back into fixedfloat to swap XMR >
XMR to cash via a p2p marketplace
OVERKILL maybe but OPSEC is ya fren in this area dont be like POMPOMPURIN
With almost 0 chance of being frozen !!!!
Последнее редактирование: 02.05.2023
Пожалуйста, обратите внимание, что пользователь заблокирован
no he wants it just to sit in crypto and sit and stare at it .....maybe he can take a picture and frame it to hang on wall in his home to tell his frens "LOOK i got this much money" but not be able to spend it
of course he wants it in cash and clearly what the TS stated
the level stupidness on this forum never cease to amaze me
downshifter
Light Weight
- Депозит
- $0
if you have DBA rights in sqli then you have the ability to edit / change data
if there is no DBA, then try to pull out the credentials from mysql (sqlmap keys: --users --password) and increase the privileges inside
if there is no DBA, then try to pull out the credentials from mysql (sqlmap keys: --users --password) and increase the privileges inside
Пожалуйста, обратите внимание, что пользователь заблокирован
he clearly states he has access, this is not the issue or the question.
Subway youre going to fuck this off completely if you dont partner with an established cashout service for %. vvh has a wide variety of well reviewed vendrs this, ignore the idiots in your inbox.
What I would do:
1. Establish your reputable partner and lock in a trial for the minimum cashout they offer if youre paranoid.
2. Choose a random account to cashout and redirect to vendors iban.
3. Receive your % successfully, then explain your project and volume youre looking to do in full ( they should be able to secure your % in escrow at this point )
Doing it this way you can test out an honest vendor, and one compromised account will not cause a site wide forced password reset or 2fa
At no point should anyone need to know the target site although itll probably be listed on the deposit. So only work with established vendors