Full Disclosure mailing list archives

[Wordpress] Resource Exhaustion (Denial of Service)


From: "Zerial." <fernando () zerial org>
Date: Mon, 19 Oct 2009 08:51:30 -0300


jcarlosn [http://rooibo.wordpress.com/] has discovered a Denial of
Service by Resource Exhaustion in all WordPress versions.
This vulnerability affects the wp-trackbacks.php file, and an exploit
for it is already available.

The exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps

Execution:

$ while /bin/true; do php test.php http://target.bom/wordpress; done
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!

Notice: fputs(): send of 8192 bytes failed with errno=11 Resource
temporarily unavailable

down!!

Load average: 22.07, 15.18, 8.58 (on target server)

--
Fernando A. Lagos Berardi - Zerial
Web Developer and Programmer
Information Security
Linux User #382319
Blog: http://blog.zerial.org
Skype: erzerial
Jabber: zerial () jabberes org
GTalk && MSN: fernando () zerial org
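An added detection example, not part of the original post and not jcarlosn's or Zerial's code: it scans Apache combined-format access log lines and flags any source that issues a burst of POSTs to the trackback endpoint, which is the request pattern a loop like the one above produces on the server side. The log lines, addresses, window length and threshold are constructed assumptions; the post names wp-trackbacks.php while WordPress ships the file as wp-trackback.php, so the pattern matches either spelling.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "combined" log line: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Match the endpoint under either spelling (post: wp-trackbacks.php, WordPress: wp-trackback.php).
TRACKBACK_RE = re.compile(r'/wp-trackbacks?\.php$')
WINDOW_SECONDS = 10   # sliding window length (assumed value)
THRESHOLD = 20        # trackback POSTs per source inside the window that count as a flood (assumed)

def parse_line(line):
    """Return (ip, datetime, method, path-without-query) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path").split("?", 1)[0]

def find_trackback_floods(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Map each source IP to the most trackback POSTs it sent in any `window`-second
    span; only sources reaching `threshold` are returned. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of its trackback POSTs still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path = parsed
        if method != "POST" or not TRACKBACK_RE.search(path):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop hits older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _sample_lines():
    """Constructed log sample: 203.0.113.7 fires 25 trackback POSTs in 5 s,
    198.51.100.4 sends two legitimate trackbacks a minute apart plus a page view."""
    base = '{ip} - - [19/Oct/2009:08:51:{sec:02d} -0300] "POST /wordpress/wp-trackback.php?p=12 HTTP/1.1" 200 0 "-" "-"'
    lines = [base.format(ip="203.0.113.7", sec=30 + i // 5) for i in range(25)]
    lines.append(base.format(ip="198.51.100.4", sec=31))
    lines.append('198.51.100.4 - - [19/Oct/2009:08:52:31 -0300] "POST /wordpress/wp-trackback.php?p=12 HTTP/1.1" 200 0 "-" "-"')
    lines.append('198.51.100.4 - - [19/Oct/2009:08:52:32 -0300] "GET /wordpress/ HTTP/1.1" 200 4096 "-" "-"')
    return lines

if __name__ == "__main__":
    for ip, n in find_trackback_floods(_sample_lines()).items():
        print(f"{ip}: {n} trackback POSTs within {WINDOW_SECONDS}s")
```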


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
