[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (OT) Understanding phpbb hack.

On Tue, 25 Jan 2005 19:16:14 +0800, Franki <franki@htmlfixit.com> wrote:
> A client of mine was hacked using a phpbb exploit.
> %2527%252esystem(chr(101)

> Does anyone know of a perl script or something that can convert this
> back to a string of human readable shell commands??

Its double URL encoded with a bunch of decimal chr commands, this
should get you started:

use strict;
use warnings;

my $string = "viewtopic.php?t=509&highlight=%2527%252esystem(chr(101)%252echr(99)%252echr(104)+%252echr(111)%252echr(32";

$string =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; # Deurlencode
$string =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; # Twice
$string =~ s/chr\((\d*)\)/chr($1)/eg; # Convert chr commands to their output

print $string , "\n";

David Dorward <http://dorward.me.uk><http://blog.dorward.me.uk>

Reply to: