CVE-2014-0195 PoC — OpenSSL 缓冲区错误漏洞

Source

https://github.com/PezwariNaan/CVE-2014-0195

Associated Vulnerability

Title:OpenSSL 缓冲区错误漏洞 (CVE-2014-0195)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的d1_both.c文件中的‘dtls1_reassemble_fragment’函数存在安全漏洞，该漏洞源于程序没有正确验证DTLS ClientHello消息中的段长度。远程攻击者可借助长的未初始化的段值利用该漏洞执行任意代码或造成拒绝服务（缓冲区溢出和应用程序崩溃）。以下版本受到影响：Ope

Description

Exploit for CVE-2014-0195

Readme

# XML-RPC WordPress Brute-Force Exploit Script

This repository contains a Python-based proof of concept (PoC) for brute-forcing login credentials on WordPress instances vulnerable to CVE-2014-0195, where the XML-RPC `system.multicall` function can be exploited to attempt multiple login requests in a single HTTP request, potentially resulting in a denial of service. This script is intended for cybersecurity professionals to evaluate the security posture of WordPress installations.

## Disclaimer

> This code is strictly for ethical use on authorized systems. Unauthorized use of this code is illegal and may lead to severe consequences. Always obtain explicit permission before testing or exploiting systems you do not own.

## Vulnerability Overview

The vulnerability lies in WordPress's XML-RPC API, specifically within the `system.multicall` method. This method allows for batching multiple requests, which is exploited here to submit multiple login attempts within a single request. This feature allows for faster brute-force attempts and bypasses typical rate-limiting protections.

More details can be found in the [Broadcom Security Advisory](https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31137).

## Prerequisites

- **Python 3**
- **Requests library**: Install via `$ pip install -r requirements.txt` or `$ pip install requests`.
- **Seclists**: This script uses the `rockyou-75.txt` password file from Seclists. Ensure it’s installed at `/usr/share/seclists/Passwords/Leaked-Databases/rockyou-75.txt` or change the path accordingly.

## How It Works

The script performs the following steps:

1. **Initialize and Load Passwords**: Loads a list of passwords from the specified file.
2. **Payload Generation**: Generates XML-RPC payloads containing up to 200 login attempts each, using the `system.multicall` method.
3. **Multithreaded Request Sending**: Launches threads to send each payload to the target URL and monitors responses for successful logins.

File Snapshot


 [4.0K]  /data/pocs/193666fab7d0db7c02425f20abbe3c58b02e7931
├── [ 174]  pyvenv.cfg
├── [2.0K]  README.md
├── [ 464]  requirements.txt
└── [4.0K]  src
    └── [2.2K]  main.py

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!