sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 
Forum DoS I thought up
Posted by: flam
Date: July 13, 2009 10:24AM

One day while I had forgotten my password to a forum, I realized that many forums allow password recovery through email very easily (no captcha). I was thinking, what if I wrote a POST script to send email recovery emails as fast as possible... The server's mail service might clog up (maybe, I have no idea), but more importantly, after a while, the hosting company will suspend the forum's account for being "spammers".
To add some pizazz to this you can make an array of all the member names or emails and send password recovery to each one of them. Gmail merges emails from the same recipient into one conversation, but I'm sure other mail services/clients would easily be spammed by this.

I'll post some code later if I get any free time.

Re: Forum DoS I thought up
Posted by: PaPPy
Date: July 13, 2009 02:42PM

I came across this a while ago...
maybe it can stir some ideas for you
http://pastebin.com/f46324177

http://www.xssed.com/archive/author=PaPPy/

Re: Forum DoS I thought up
Posted by: flam
Date: July 14, 2009 04:31PM

Thanks for the PHP, it definitely stirred some ideas in my head. :)

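A server-side mitigation for the recovery-mail flood discussed in this thread, as an added example that is not code from any poster or from a forum package: sliding-window caps per account, per source address and site-wide, with a reply that never reveals whether mail was sent. All names, limits and the reply text are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

GENERIC_REPLY = "If that account exists, a recovery email has been sent."  # assumed wording


class ResetThrottle:
    """Sliding-window caps for a password-recovery endpoint (limits are assumed values)."""

    def __init__(self, per_account=1, per_source=5, site_wide=100, window=900.0):
        self.window = window
        self.limits = {"account": per_account, "source": per_source, "site": site_wide}
        self.sent = defaultdict(deque)  # (scope, key) -> timestamps of accepted requests

    def _recent(self, scope, key, now):
        q = self.sent[(scope, key)]
        while q and now - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        return q

    def allow(self, account, source_ip, now):
        """True if this request stays under all three caps; records it if so."""
        keys = [("account", account.strip().lower()), ("source", source_ip), ("site", "*")]
        queues = [(self.limits[s], self._recent(s, k, now)) for s, k in keys]
        if any(len(q) >= limit for limit, q in queues):
            return False
        for _, q in queues:
            q.append(now)
        return True


def handle_recovery(throttle, known_accounts, account, source_ip, now):
    """Return (reply_shown_to_client, mail_sent). The reply is identical in every case."""
    # Unknown names still count against the source and site caps (conservative),
    # so guessing member names is throttled the same way as flooding real ones.
    allowed = throttle.allow(account, source_ip, now)
    mail_sent = allowed and account.strip().lower() in known_accounts
    return GENERIC_REPLY, mail_sent


def simulate(requests, known_accounts, **limits):
    """Count mails actually sent for a list of (account, source_ip, time) requests."""
    throttle = ResetThrottle(**limits)
    return sum(handle_recovery(throttle, known_accounts, a, ip, t)[1] for a, ip, t in requests)
```

The site-wide cap is the one that protects the forum's standing with its mail or hosting provider; in production the counters would live in shared storage rather than process memory.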