Use WSO Web Shell
Go to file index.php , and add the malicious code:
Call the script and access the RemoteShell:
Sift login and pass from FTP files, create a database
Find the following lines in login.php:
After the above steps, every authorized user will be added to our database section (created above).
Execute the get list command: (It’s currently empty )
cardable sites no cvv 2020