Monday 22 August 2011

Another cc-grabbers web based

Found on the same server of 'bender edition'
It's another cc-grabbers but you can call this one 'crappy edition'

The php code of the main page was obfuscated


Replace eval($ev); by echo($ev); and you get the clean version.
thanks tishrom :)


There is only this page:


index.php who is the update page, after looking at the source code, you must call it like this:
index.php?pkey=PASSWORD&action=set&login=&balance=&account_type=&holder_name=&last_login=&account_status=&ccs=&banks=

It will insert datas into a html file at "data/log.html"
and will use jabber/icq for notify.
(jabber by calling lib/class.jabber.php)

screenshot of the 'log.html' found on the server:


There is no options for manage credit cards and stuff.
And like the previous panel, this coder has never heard of XSS attacks.
All variables are vulnerable except 'action' & 'pkey'

4 comments:

  1. Nice post man, you are doing a good job, thus I didn't understand this line:

    Replace eval($ev); by echo($ev); and you get the clean version.

    ReplyDelete
  2. @profnetwork i mean the code is obfuscated (see the first picture)
    for get a version you can understand you should remove eval($ev); and write echo($ev);
    That will display the deobfuscated code.

    ReplyDelete
  3. Oh I got it. For-loop section! I'm pretty low at PHP, and I was uncareful. Well done tho'

    ReplyDelete
  4. can you share this code? link?

    ReplyDelete