CVE-2018-6389 PoC — WordPress 安全漏洞

Source

https://github.com/Zazzzles/Wordpress-DOS

Associated Vulnerability

Title:WordPress 安全漏洞 (CVE-2018-6389)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 4.9.2及之前版本中存在安全漏洞。攻击者可通过使用较大的registered .js文件列表，创建请求来多次加载文件利用该漏洞造成拒绝服务（资源消耗）。

Description

Exploit for vulnerability CVE-2018-6389 on wordpress sites

Readme

# CVE-2018-6389 exploit for Wordpress sites

> A small DOS script targeting an unpatched vulnerability in wordpress sites. 
> Uses `/wp-admin/load-scripts.php` to request additional scripts from hosting server.
> Includes large list of scripts as request payload

> This implementation is for testing purposes only

## Usage

> `python wpdos.py -t 5000 -g 'https://www.wordpresswebsite.co.za'` 

> `-t` specifies how many threads requests should run on

> `-g` Specifies GET request type

## Dependancies

> This script requires the `requests` package. Reccommend installation with [pip](https://bootstrap.pypa.io/get-pip.py)

## Acknowledgements

> This script was put together with snippets from @m3ssap0 @WazeHell and @Palvinder-Singh

File Snapshot


 [4.0K]  /data/pocs/31782af19e8545f5127bea04f26baf8a6906fc71
├── [1.6M]  get-pip.py
├── [ 738]  README.md
└── [6.1K]  wpdos.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!