It's another cc-grabbers but you can call this one 'crappy edition'
The php code of the main page was obfuscated
Replace eval($ev); by echo($ev); and you get the clean version.
thanks tishrom :)
There is only this page:
index.php who is the update page, after looking at the source code, you must call it like this:
index.php?pkey=PASSWORD&action=set&login=&balance=&account_type=&holder_name=&last_login=&account_status=&ccs=&banks=
It will insert datas into a html file at "data/log.html"
and will use jabber/icq for notify.
(jabber by calling lib/class.jabber.php)
screenshot of the 'log.html' found on the server:
There is no options for manage credit cards and stuff.
And like the previous panel, this coder has never heard of XSS attacks.
All variables are vulnerable except 'action' & 'pkey'
Nice post man, you are doing a good job, thus I didn't understand this line:
ReplyDeleteReplace eval($ev); by echo($ev); and you get the clean version.
@profnetwork i mean the code is obfuscated (see the first picture)
ReplyDeletefor get a version you can understand you should remove eval($ev); and write echo($ev);
That will display the deobfuscated code.
Oh I got it. For-loop section! I'm pretty low at PHP, and I was uncareful. Well done tho'
ReplyDeletecan you share this code? link?
ReplyDelete