Bugtraq mailing list archives

Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit

From: Don Voita <don () cs ucsb edu>
Date: Thu, 09 Mar 2006 16:24:13 -0800

If you have the register user functionality disabled, like I do, you canrename wp-register.php to something else. This workaround prevented theDoS for me, and will hold you over until the developers have a chance toaddress this.


Don

h4cky0u.org () gmail com wrote:

------------------------------------------------------
      HYSA-2006-005 h4cky0u.org Advisory 014
------------------------------------------------------
Date - Wed March 08 2006


TITLE:
======

WordPress 2.0.1 Remote DoS Exploit


SEVERITY:
=========

Medium


SOFTWARE:
=========

Wordpress 2.0.1 and prior


INFO:
=====

WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and

usability. What a mouthful. WordPress is both free and priceless at the same time.

Support Website : http://wordpress.org/


FIX:
====

No fix available as of date.


GOOGLEDORK:
===========

"Powered by WordPress"


CREDITS:
========

- Exploit coded by matrix_killer of h4cky0u Security Forums

Mail : matrix_k at abv dot bg

Web : http://www.h4cky0u.org


- Co Researcher -

h4cky0u of h4cky0u Security Forums.

Mail : h4cky0u at gmail dot com

Web : http://www.h4cky0u.org


ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYSA-2006-005-wordpress.txt

Current thread:

HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit h4cky0u . org (Mar 09)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit Don Voita (Mar 10)
- <Possible follow-ups>
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan (Mar 09)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit scaturan (Mar 10)
- Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit anonymous (Mar 15)