Perl Script for fixing PHPBB 2.0.15 exploit

Here is a script which will fix your PHPBB version 2.0.15 to prevent this exploit:

http://www.packetstormsecurity.org/0...b2_0_15.pl.txt

Just save it in something like phpbbfix.pl and run it via SSH (as root):

perl phpbbfix.pl

You may need to change it's permissions to make it exec.

Our programmer guy whipped it up to correct the exploit easily for our multiple linux servers (cpanel). Your welcome to use it and pass it out as you wish. It's from 100megswebhosting but we're not to be held responsible for any issue you may have with it (financial or otherwise). It worked just fine for us!

xxxxxxxxxxxxxxx begin perl code xxxxxxxxxxxxxxxxxxxxxxx
#!/usr/bin/perl

# 100megs PHPBB 2.0.15 fix script

my $loc = `locate viewtopic.php`;

foreach (split(/\n/,$loc)) {
chomp;
next if (!$_);

print "$_...";

my ($out, $changed);

open(FL,$_);
while (my $line = <FL>) {
$changed++ if ($line=~s/str_replace\(\'\\\\\'\, \'\\\\\\\\\'\, \$highlight_match\)/str_replace\(\'\\\\\'\, \'\\\\\\\\\'\, addslashes\(\$highlight_match\)\)/g);
$out .= $line;
}
close(FL);

if ($changed) {
`cp $_ $_.100megsfix.bak`;

open(OUT,">$_");
print OUT $out;
close(OUT);

print "Fixed\n";
}
else {
print "Nothing to fix\n";
}
}
xxxxxxxxxxxxxxxxxxxxxxxxxx end perl code xxxxxxxxxxxxxxxxx

Hope it helps!

 

 

 

 

Top