четверг, 18 декабря 2008 г.

Скрипт проверки уязвимой версии phpBB 2.0.x

Этот скрипт будет проверять и находить уязвимые версии phpBB 2.0.x. Скрипт ищет уязвимость, которая была обнаружена в phpbb, уязвимость позволяет гостю несанкционированный доступ к учетной записи пользователя и выполнение кода на целевом сервере. Этот скрипт имеет несколько вариантов, запустить скрипт с параметром -help, чтоб получить подробные сведения о скрипте.

Вот и сам скрипт:

#!/usr/bin/perl


 


use strict;


use DBI;


use Getopt::Long;


 


my($opt_disable,$opt_quiet,$opt_contact,$opt_help,$phpbb_version,$phpbb_path,%found);


 


GetOptions (    'd' => $opt_disable,


        'q' => $opt_quiet,


        'c' => $opt_contact,


        'h' => $opt_help,


        'help' => $opt_help );


 


chomp(my $hostname = `hostname`);


 


#2.0.xx  Only put the last oct below


my $current_version = '17';


 


if($opt_help) {


    print "Usage: $0 <OPTIONS>nn";


    print "Description: This script will search all of your mysql databases for a vulnerablen";


    print "             version of phpbb.nn";


    print "t-dtDisable Vulnerable Versions of PHPBBn";


    print "t-qtQuiet, dont print anything to STDOUTn";


    print "t-ctAttempt to send user a noticen";


    print "t-htDisplay this screenn";


    exit;


}


 


print "PHPBB Version CheckerttFor More Scripts GoTo: http://www.cPlicensing.net/n" unless $opt_quiet;


print "Written By: Shaun.Reitan <> Network Data Center Host, Inc.nn" unless $opt_quiet;


print "This script will search all of your mysql databases for a vulnerable version of phpbbnn" unless $opt_quiet;


 


 


my %MYCNF;


open MYCNF, "</root/.my.cnf" or die("Fatal Error: Unable to open /root/.my.cnf");


while(<MYCNF>) {


    s/"|n//g;


    my($d,$v) = split(/=/,$_,2);


    $MYCNF{$d} = $v;


}


close MYCNF;


 


 


# Only uncomment these if you need to change the default mysql user and pass, you really should modify your /root/.my.cnf


#$MYCNF{'user'} = '';


#$MYCNF{'pass'} = '';


 


print "Searching..." unless $opt_quiet;


my $dbh = DBI->connect("DBI:mysql:host=localhost",$MYCNF{'user'},$MYCNF{'pass'}, {'RaiseError' => 0});


die("Fatal Error: MySQL connection failed") unless $dbh;


 


my $dbs_sth = $dbh->prepare("SHOW DATABASES");


my $dbs_rv = $dbs_sth->execute();


while(my $dbname = $dbs_sth->fetchrow_array()) {


    my($user,undef) = split(/_/,$dbname,2);


    my $sth = $dbh->do("use `$dbname`");


    my $tables_sth = $dbh->prepare("SHOW TABLES");


    my $tables_rv = $tables_sth->execute();


    while(my $tablename = $tables_sth->fetchrow_array) {


        if($tablename =~ /_config$/) {


            my $rows_sth = $dbh->prepare("SELECT * FROM $tablename");


            my $rows_rv = $rows_sth->execute();


            while(my($n,$v) = $rows_sth->fetchrow_array()) {


                $phpbb_version = $v if $n eq "version";


                $phpbb_path = $v if $n eq "script_path";


            }


            if($phpbb_version) {


                my(undef,$f,$s) = split (/./, $phpbb_version,3);


                if($f eq "0" and $s < $current_version) {


                    $found{$user}{'version'} = $phpbb_version;


                    $found{$user}{'path'} = $phpbb_path;


                }


            }


            $phpbb_version = 0;


            $phpbb_path = 0;


        }


    }


}


print "Complete, Found ".(scalar keys %found)." Vulnerable Versions of PHPBB 2.0.xnn" unless $opt_quiet;


 


foreach my $key (keys %found) {


    print "User: ".$key.", Version: ".$found{$key}{'version'}.", WebPath: ".$found{$key}{'path'}."n" unless $opt_quiet;


    disable_phpbb($key,$found{$key}{'path'}) if $opt_disable;


    sendnotice($key) if $opt_contact;


}


 


 


sub sendnotice {


    my($user) = @_;


 


    my @USER = getpwnam($user);


    return unless @USER;


    


    return unless -f $USER[7]."/.contactemail";


 


    open CONTACTEMAIL , "<".$USER[7]."/.contactemail";


    chomp(my $user_email = <CONTACTEMAIL>);


    close CONTACTEMAIL;


    


    open SENDMAIL, "|/usr/sbin/sendmail -t";


    print SENDMAIL "To: <$user_email>n";


    print SENDMAIL "From: Security@$hostnamen";


    print SENDMAIL "Subject: Vulnerable PHPBB Warning!nn";


    if($opt_disable) {


        print SENDMAIL "Hello,nnA recent server scan revealed that your site had a vulnerable version of phpbb.  To help ensure the security of the server and all of it's users we have disabled your phpbb forum.  Please upgrade your forum to the latest phpbb version before you re-enable your forum.  Thank You.n";


    } else {


        print SENDMAIL "Hello,nnA recent server scan revealed that your site had a vulnerable version of phpbb.  To help ensure the security of the server we are asking you to update your phpbb forum to the latest version.  Please do this immediately. Thank Youn";


    }


    close SENDMAIL;


}


 


 


sub disable_phpbb() {


    my($user,$path) = @_;


 


    unless ( -f "/usr/local/cpanel/cpanel" ) {


        print "Cannot Disable $user, This feature is for cPanel Servers Onlyn" unless $opt_quiet;


        return;


    }


    unless( -f "/usr/local/apache/htdocs/suspended.page/phpbb_vuln.html" ) {


        open HTML, ">/usr/local/apache/htdocs/suspended.page/phpbb_vuln.html";


        print HTML "<html><head><title>PHPBB DISABLED</title></head><body bgcolor=white><center><b>The Following PHPBB Forum was disabled for security reasons.  If you are the webmaster of this forum please contact your web host for more detail.</b></center></html>n";


        close HTML;


    }


        


    my @USER = getpwnam($user);


    if(@USER) {


        rename $USER[7]."/public_html/".$path."/.htaccess", $USER[7]."/".$path."/.htaccess.phpbbsuspended" if -f $USER[7]."/".$path."/.htaccess";


        open HTACCESS, ">".$USER[7]."/public_html/".$path."/.htaccess";


        print HTACCESS "RedirectMatch .* http://$hostname/suspended.page/phpbb_vuln.htmlnOptions -Includes -Indexes -ExecCGIn";


        close HTACCESS;


        chown($USER[2],$USER[3],$USER[7]."/public_html/".$path."/.htaccess");


    } else{


        print "Error: getpwnam returned false for $usern" unless $opt_quiet;


    }


 


}




 



Скачать скрипт: phpBB find

Комментариев нет:

Отправить комментарий