Monday, 29 August 2011

DDOS using google servers



Its true google helps everyone.Recently we had killapache dos now we have ddos + proxy with the help of google +
How does DDOS via google+ works?
The vulnerable pages are /_/sharebox/linkpreview/ and “gadgets/proxy?“
Is possible to request any file type, and G+ will download and show all the content. So, if you parallelize so many requests, is possible to DDoS any site with Google bandwidth. Is also possible to start the attack without be logged in G+.

Attack vectors:

The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); The funny thing is that apache will log Google IPs.
But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you’ll need to use /_/sharebox/linkpreview/




+DDoS source code download:

http://www.ihteam.net/advisories/_154785695367_+ddos.sh

source

EDIT - This vulnerability have been patched !

No comments:

Post a Comment