smsgratis2indonesia.co.id Hijack

1. <?php
2. define("HOST", "http://www.smsgratis2indonesia.co.id");
3.  
4.     /**
5.         me@dwisiswanto.my.id
6.         --
7.         usage; http://localhost/this.php?no={victim number}&text={your text}
8.     **/
9.  
10. $num = @$_GET['no'];
11. $psn = @$_GET['text'];
12.  
13. if (isset($num) && isset($psn)) {
14.     $attrib = ambil();
15.     if ($attrib != null) {
16.         $exec = kirim($num, $psn, $attrib);
17.         if (preg_match("/has been sent/i", $exec)) {
18.             // true
19.             echo "Success";
20.         } else {
21.             // false, you can see what kind of error by $exec[0]
22.             echo "Fail";
23.         }
24.     }
25. } else {
26.     echo "`no` and `text` parameter can't be empty";
27. }
28.  
29. function hajar($yuerel, $dataAing = null, $head = null) {
30.     $cuih = curl_init();
31.     curl_setopt($cuih, CURLOPT_URL, $yuerel);
32.     if ($dataAing != null){
33.         curl_setopt($cuih, CURLOPT_POST, true);
34.         curl_setopt($cuih, CURLOPT_POSTFIELDS, $dataAing);
35.     }
36.     curl_setopt($cuih, CURLOPT_FOLLOWLOCATION, true);
37.     curl_setopt($cuih, CURLOPT_RETURNTRANSFER, true);
38.     curl_setopt($cuih, CURLOPT_SSL_VERIFYPEER, false);
39.     curl_setopt($cuih, CURLOPT_COOKIESESSION, true);
40.     curl_setopt($cuih, CURLOPT_HEADER, true);
41.     if ($head != null) {
42.         curl_setopt($cuih, CURLOPT_HTTPHEADER, $head);
43.     }
44.     curl_setopt($cuih, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1");
45.     $eks = curl_exec($cuih);
46.     curl_close($cuih);
47.     return array($eks, explode("\n", $eks));
48. }
49.  
50. function ambil() {
51.     $get = hajar(HOST)[0];
52.     preg_match_all("/Set-Cookie: (.*?);|input type=\"hidden\" name=\"(.*?)\" value=\"(.*?)\"|input type=hidden name='(.*?)' value='(.*?)'/s", $get, $attrib);
53.     if (isset($attrib)) {
54.         return $attrib;
55.     }
56. }
57.  
58. function kirim($num, $psn, $attrib) {
59.     $data = array("T1" => $attrib[3][1], "tgl" => $attrib[5][2], "auth" => $attrib[5][3], "ip" => $attrib[5][4], "noHP" => $num, "pesan" => $psn, "TOMBOL" => "KIRIM+SMS");
60.     $exec = hajar(HOST . "/kirimkan-sms", $data, array("Cookie: " . $attrib[1][0], "Referer: " . HOST));
61.     return $exec[0];
62. }
63. ?>