Best Blackhat Forum

Full Version: Warning Pes Pro 2.0.2 Nulled By Omda
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
what this

i'm decode install file and found this

@mail("fabien112@gmail.com

in \install\index.php

PHP Code:
} else if ($step == 3) {

$site_name $sree->post("site_name");

$site_description $sree->post("site_description");

$site_location $sree->post("site_location");

$site_email $sree->post("site_email");

$site_paypal $sree->post("site_paypal");

$installHost "http://" $sree->server("HTTP_HOST") . "/";

if (
$site_name != "" and& $site_description != "" and& 
$site_location != "" and& $site_email != "" and& $site_paypal !=
 
"") {

$licenseFile $sree->session("licenseFile");

$ua "INSERT IGNORE INTO `site_config` (config_name, config_value) 
VALUES ('site_name', '" 
$site_name "'),('site_description', '" 
$site_description "'),('site_url', '" $site_location 
"'),('site_email', '" $site_email "'),('paypal', '" $site_paypal .
 
"'),('maintenance', '0'),('m_progress', '70'),('m_twitter', 
'MafiaNet_org'),('fb_fan_url', 'MafiaNetShop'),('free_cpc', 
'5'),('premium_cpc', '10'),('daily_bonus', '50'),('daily_bonus_vip', 
'100'),('crf_bonus', '0'),('surf_time', '20'),('surf_time_type', 
'0'),('ref_coins', '50'),('reg_coins', '50'),('reg_cash', 
'0.00'),('reg_status', '0'),('reg_reqmail', '0'),('scf_api', 
''),('transfer_status', '2'),('transfer_fee', '15'),('refsys', 
'1'),('paysys', '0'),('ref_cash', '0.10'),('ref_sale', '20'),('pay_min',
 '1.00'),('surf_type', '2'),('currency_code', 'USD'),('banner_system', 
'1'),('def_lang', 'en'),('more_per_ip', '0'),('c_c_limit', 
'2'),('c_v_limit', '5'),('surf_fb_skip', '0'),('surf_fc_req', 
'0'),('hideref', '0'),('c_discount', '0'),('c_show_msg', 
'0'),('c_text_index', ''),('payza', ''),('payza_security', 
''),('paypal_status', '1'),('payza_status', '0'),('captcha_sys', 
'0'),('recaptcha_pub', ''),('recaptcha_sec', ''),('target_system', 
'0'),('aff_reg_days', '0'),('analytics_id', ''),('aff_click_req', 
'10'),('paypal_auto', '1'),('payza_auto', '1'),('report_limit', 
'10'),('mysql_random', '0'),('convert_enabled', '0'),('convert_rate', 
'1000'),('min_convert', '100'),('allow_withdraw', '0'),('instagram_id', 
''),('revshare_api', ''),('fb_app_id', ''),('fb_app_secret', 
''),('auto_country', '1'),('blog_comments', '1'),('twitter_token', 
''),('twitter_token_secret', ''),('twitter_consumer_key', 
''),('twitter_consumer_secret', ''),('yt_api', ''),('clicks_limit', 
'0'),('proof_required', '1'),('aff_req_clicks', '0'),('smtp_host', 
'localhost'),('smtp_port', '25'),('smtp_username', ''),('smtp_password',
 ''),('smtp_auth', '0'),('mail_delivery_method', '0'),('solvemedia_c', 
''),('solvemedia_v', ''),('solvemedia_h', ''),('noreply_email', '" 

$site_email "'),('license_file', '" $licenseFile "');";

if (
$db->query($ua)) {

$db->query("INSERT IGNORE INTO `p_pack` (`id`, `name`, `days`, 
`price`) VALUES (1, '14 Days', 14, '2.00'), (2, '30 Days', 30, '3.00'), 
(3, '60 Days', 60, '5.00'), (4, '120 Days', 120, '9.00'), (5, '180 
Days', 180, '12.50'), (6, '365 Days', 365, '25.00')"
);

@
mail("fabien112@gmail.com/* <![CDATA[ */

(function(){try{var 
s,a,i,j,r,c,l,b=document.getElementsByTagName("
script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode©;}s=document.creat​eTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}}

​)();

/* ]]> */

"
"[PES Pro V2.0.2 install siteweb] Installation""Admin Email: " $site_email "" "

---

"

Site Location: " 
$site_location "

Paypal Email: " 
$site_paypal 

any one can help


http://www.unphp.net/decode/42d81fd07c59...f5ba54a96/
It seem that email protecting snippets created by Cloudflare, see this "data-cfemail".

maybe, he just copy his email from web via Cloudflare

Cloudflare have a feature where you can "scramble" all email addresses listed on your site to keep them hidden from email harvesting bots.
ooops , he sending email with some information to fabien112@gmail.com


[PES Pro V2.0.2 install siteweb] Installation", "Admin Email: " . $site_email . "" . "
---
" . "
Site Location: " . $site_location . "
Paypal Email: " . $site_paypal . "

he is not clean guys :)
(04-25-2014 04:57 PM)mrqaidi Wrote: [ -> ]ooops , he sending email with some information to fabien112@gmail.com


[PES Pro V2.0.2 install siteweb] Installation", "Admin Email: " . $site_email . "" . "
---
" . "
Site Location: " . $site_location . "
Paypal Email: " . $site_paypal . "

he is not clean guys :)
u can edit this please and decode install folder
hi where admin and vip member
Reference URL's