Best Blackhat Forum

Full Version: {NULLED}Simple Invoice Manager - Invoicing Made Easy 3.2
Hmm... /install/install.php

Code:
/*$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, 'http://tecdiary.com/support/api/getdb/');
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl_handle, CURLOPT_POST, 1);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(
    'username' => $_POST["username"],
    'code' => $_POST["code"],
    'id' => '4259689',
    'version' => '3.0',
    'type' => 'install'
));*/

Is that how you nulled it? Lol.

But why not also the following, which still exists:

Code:
if ($_POST) {
    $code = $_POST["code"];
    $username = $_POST["username"];
    $curl_handle = curl_init();
    curl_setopt($curl_handle, CURLOPT_URL, 'http://tecdiary.com/support/api/register/');
    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl_handle, CURLOPT_POST, 1);
    $referer = "http://" . $_SERVER["SERVER_NAME"] . substr($_SERVER["REQUEST_URI"], 0, -17);
    $path = substr(realpath(dirname(__FILE__)), 0, -8);
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(
        'username' => $_POST["username"],
        //'email' => $_POST["email"],
        'code' => $_POST["code"],
        'id' => '4259689',
        'ip' => $_SERVER['REMOTE_ADDR'],
        'referer' => $referer,
        'path' => $path
    ));

And, "Checking for Updates"

/sim/controllers/settings.php (line 641)
Code:
$updates = get_curl_contents('http://tecdiary.com/api/v1/update/', $fields);

And, saving the updated files from the developer's server to yours...

/sim/helpers/curl_helper.php (line 22)
Code:
file_put_contents('./files/updates/'.$file, fopen("http://tecdiary.com/api/v1/download/file/".$file, 'r'));

And then this... which is kinda a big deal.

/update/update.php (lines 105 and 292 area)
Code:
if ($_POST) {
    $code = $_POST["code"];
    $username = $_POST["username"];
    $curl_handle = curl_init();
    curl_setopt($curl_handle, CURLOPT_URL, 'http://tecdiary.com/support/api/register/');
    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl_handle, CURLOPT_POST, 1);
    $referer = "http://" . $_SERVER["SERVER_NAME"] . substr($_SERVER["REQUEST_URI"], 0, -14);
    $path = substr(realpath(dirname(__FILE__)), 0, -7);
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(
        'username' => $_POST["username"],
        //'email' => $_POST["email"],
        'code' => $_POST["code"],
        'id' => '4259689',
        'ip' => $_SERVER['REMOTE_ADDR'],
        'referer' => $referer,
        'path' => $path
    ));


//////////////////////////////////////////


if ($_POST) {
    $code = $_POST['code'];
    $username = $_POST['username'];
    define("BASEPATH", "update/");
    include("../sim/config/database.php");
    $curl_handle = curl_init();
    curl_setopt($curl_handle, CURLOPT_URL, 'http://tecdiary.com/support/api/getdb/');
    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl_handle, CURLOPT_POST, 1);
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(
        'username' => $_POST["username"],
        'code' => $_POST["code"],
        'id' => '4259689',
        'version' => '3.0',
        'type' => 'update'
    ));

Which you originally have commented out in the install, but not for the update process... So, since you didn't disable the update procedure... it will cry home if someone updates.
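
As an added example (not part of the thread or of the script it discusses): when reviewing third-party PHP before deployment, a short audit can list the endpoints that live code contacts, skip commented-out blocks, and flag plain-HTTP fetches and downloads written straight to disk. The sample input is constructed on the pattern of the excerpts above, and vendor.example is a placeholder host.

```python
import re

# Constructed sample modelled on the excerpts quoted in the thread; the host
# vendor.example is a placeholder and the https:// line is added for contrast.
SAMPLE_PHP = r'''
/*$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, 'http://vendor.example/support/api/getdb/');*/
if ($_POST) {
    curl_setopt($curl_handle, CURLOPT_URL, 'http://vendor.example/support/api/register/');
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(
        'ip' => $_SERVER['REMOTE_ADDR'],
        'path' => $path
    ));
}
$updates = get_curl_contents('https://vendor.example/api/v1/update/', $fields);
file_put_contents('./files/updates/'.$file, fopen("http://vendor.example/api/v1/download/file/".$file, 'r'));
'''

# A string literal (kept) or a /* */ or // comment (blanked). Matching strings
# first keeps the "//" inside 'http://...' from being read as a comment.
TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(/\*.*?\*/|//[^\n]*)""", re.S)
URL = re.compile(r"https?://[^\s'\"]+")

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay valid."""
    def repl(m):
        return m.group(1) if m.group(1) else "\n" * m.group(2).count("\n")
    return TOKEN.sub(repl, src)

def find_endpoints(src):
    """Return (line, url, flags) for every URL in live (non-commented) code."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for url in URL.findall(line):
            flags = []
            if url.startswith("http://"):
                flags.append("plain-http")       # no transport protection
            if "file_put_contents" in line:
                flags.append("remote-to-disk")   # fetched content saved locally
            findings.append((lineno, url, flags))
    return findings

def server_fields(src):
    """Names of $_SERVER keys that live code reads (candidate data sent out)."""
    return sorted(set(re.findall(r"\$_SERVER\[['\"](\w+)['\"]\]", strip_comments(src))))

if __name__ == "__main__":
    for lineno, url, flags in find_endpoints(SAMPLE_PHP):
        print(lineno, url, ",".join(flags) or "-")
    print("server fields:", server_fields(SAMPLE_PHP))
```

A finding carrying both flags is the one to review first: a file fetched over plain HTTP and written to disk has neither transport nor integrity protection.
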
Can you not see it's highlighted out?
Code 1: don't you understand that anything in /* */ does not get read or executed??
Code 2: it only runs if the buffer curl_exec was in place, but again it's /* */ out so it does not run/execute the curl code.


Sorry I did not clean up the code, but I truly can't be assed. The amount of times I have cleaned nulled scripts up and leechers don't rep, or I don't get the credit owed for nulling it for you for free. So now I will null and leave the crap behind... but it all works fine.


Oops, OK, totally forgot about the updates. I will sort that out and reupload. But really, what the author will get is an IP address; he can't access your script to see if it's nulled or purchased.
Hey man, I'm not "assing" you. I'm just pointing a few things out... just so no-one gets screwed over.

As for cleaning it up. I prefer to have the original code /* commented out //. I don't like when it's removed personally.

Thanks for providing the script in the first place, it's appreciated.
Hey Xecution, thanks for the heads up there, looks like we would be busted pretty quick using this?
Max reps for your work on this
Nah, I don't think anyone would get busted... per se. lolclol is right for the most part... the dev would prob end up with an IP address "if/once you updated it from the backend". But he wouldn't be able to do much, unless you have a dedicated IP address pointing to your personal information.

Other than that, it's good and looks to be clean. I didn't see anything really malicious at all... and there are just a few links to the developer's site (install and update) so it looks good to me.
Thanks in advance... it works

+Reps...
Nulled scripts: the whole idea for developers is that the hackers leave the update alone, so that the script nags the user for updates and to purchase the product. Nulled scripts are good for testing things out to see if you like 'em.
lolclol and xecution can you please stop the update process?

Or please share the code so that we can manipulate to stop the update process from back end.
The download link does not work.
(07-17-2015 01:52 AM) lolclol wrote: please do not make mirrors, I will look after the links

Maybe some update or reupload?

Thanks