Full Disclosure mailing list archives

Re: Denial of Service in WordPress

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 27 Jun 2013 23:19:28 -0700

Attack exactly overload web sites presented in endless loop of redirects. As
I showed in all cases of Looped DoS vulnerabilities in web sites and web
applications, which I wrote about during 2008 (when I created this type of
attacks) - 2013.


You do realize that any browser can be made to issue a *lot* of
requests to any other destination on the web - say, by instantiating a
bunch of images, leveraging CORS, navigating iframes, etc?

Browsers detect redirect loops to prevent accidental mishaps and
simplify troubleshooting, not to stop malicious attacks.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Denial of Service in WordPress MustLive (Jun 27)
- Re: Denial of Service in WordPress Ryan Dewhurst (Jun 27)
  - Re: Denial of Service in WordPress MustLive (Jun 27)
    - Re: Denial of Service in WordPress Julius Kivimäki (Jun 27)
    - Re: Denial of Service in WordPress MustLive (Jun 28)
    - Re: Denial of Service in WordPress Jann Horn (Jun 28)
    - Re: Denial of Service in WordPress Julius Kivimäki (Jun 29)
    - Re: Denial of Service in WordPress Cool Hand Luke (Jun 30)
    - Re: Denial of Service in WordPress Jann Horn (Jun 27)
    - Re: Denial of Service in WordPress Michal Zalewski (Jun 27)
    - Re: Denial of Service in WordPress MustLive (Jun 29)
    - Re: Denial of Service in WordPress Michal Zalewski (Jun 29)