
[Full-disclosure] [Wordpress] Resource Exhaustion (Denial of Service)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jcarlosn [http://rooibo.wordpress.com/] has discovered a Denial of
Service by Resource Exhaustion in all WordPress versions.
This vulnerability affects the wp-trackbacks.php file, and an exploit
for it is already available.

The exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps

Execution:

$ while /bin/true; do php test.php http://target.bom/wordpress; done
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!

Notice: fputs(): send of 8192 bytes failed with errno=11 Resource
temporarily unavailable

down!!

Load average: 22.07, 15.18, 8.58 (on target server)

- --
Fernando A. Lagos Berardi - Zerial
Web Developer and Programmer
Information Security
Linux User #382319
Blog: http://blog.zerial.org
Skype: erzerial
Jabber: zerial@xxxxxxxxxxxx
GTalk && MSN: fernando@xxxxxxxxxx

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrcUsIACgkQIP17Kywx9JQnNQCeOwPir0lZxguy8d4LDmNzKxD8
CyYAoJEEAaoyOnE09VbVRveUQU7Uapcq
=pFaY
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/