CVE-2018-6389 PoC — WordPress 安全漏洞

Source

https://github.com/ianxtianxt/CVE-2018-6389

Associated Vulnerability

Title:WordPress 安全漏洞 (CVE-2018-6389)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 4.9.2及之前版本中存在安全漏洞。攻击者可通过使用较大的registered .js文件列表，创建请求来多次加载文件利用该漏洞造成拒绝服务（资源消耗）。

Description

CVE-2018-6389: WordPress <= 4.9.x 拒绝服务(DOS)漏洞

Readme

# doser.py
DoS tool for HTTP requests (inspired by hulk but has more functionalities) written in Python:
![](https://raw.githubusercontent.com/Quitten/doser.py/master/doser.jpg)

# Examples
999 threads sends GET requests:

```bash
python doser.py -t 999 -g 'https://targeted.site.com'
```

999 threads sends POST requests with json data:

```bash
python doser.py -t 999 -p 'https://targeted.site.com' -ah 'Content-Type: application/json' -d '{"json": "payload"}'
```

# Usage
usage: doser.py [-h] [-g G] [-p P] [-d D] [-ah AH] [-t T]

optional arguments:

  -h, --help  show this help message and exit
  
  -g        Specify GET request. Usage: -g '< url >'
  
  -p        Specify POST request. Usage: -p '< url >'
  
  -d        Specify data payload for POST request
  
  -ah      Specify addtional header
  
  -t        Specify number of threads to be used

# TODO:
Rewrite to Golang :)

File Snapshot


 [4.0K]  /data/pocs/088df59580f933b825df893350dc69c0d113c293
├── [7.6K]  doser.jpg
├── [4.6K]  doser.py
└── [ 889]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!