Found on the same server of 'bender edition'
It's another cc-grabbers but you can call this one 'crappy edition'
The php code of the main page was obfuscated
Replace eval($ev); by echo($ev); and you get the clean version.
thanks tishrom :)
There is only this page:
index.php who is the update page, after looking at the source code, you must call it like this:
It will insert datas into a html file at "data/log.html"
and will use jabber/icq for notify.
(jabber by calling lib/class.jabber.php)
screenshot of the 'log.html' found on the server:
There is no options for manage credit cards and stuff.
And like the previous panel, this coder has never heard of XSS attacks.
All variables are vulnerable except 'action' & 'pkey'