关联漏洞
标题:
WordPress 安全漏洞
(CVE-2018-6389)
描述:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 4.9.2及之前版本中存在安全漏洞。攻击者可通过使用较大的registered .js文件列表,创建请求来多次加载文件利用该漏洞造成拒绝服务(资源消耗)。
描述
load-scripts.php file, which purpose is to retrieve several JavaScript packages through one single request.
介绍
# Wordpress-DOS-Attack-CVE-2018-6389
[](https://www.cvedetails.com/cve/CVE-2018-6389)
Load-scripts.php file, which purpose is to retrieve several JavaScript packages through one single request.
```sh
$ chmod +x Execute.sh
$ ./Execute.sh
```
# How it Works!
- The problem lies upon the load-scripts.php file, which purpose is to retrieve several Javascript packages through one single request, such as bootstrap, jquery, and jqueryUI, among others.
- It is possible to create a special request to retrieve a huge quantity of different Javascripts, resulting in a high CPU resource and high bandwidth usage.
- Using a simple tool, it is possible to send hundreds of requests per second, which can easily increase RAM and CPU usage to the limit, resulting in a web server failure that would prevent users from accessing the attacked website or any other websites hosted on the same server.
<p align="center">
<img src="IMG.png" width="350" alt="accessibility text">
</p>
-------------------------------------------------------------------------------------------------------------------------------------------
文件快照
[4.0K] /data/pocs/8c14316edc2f952088509a882efa90e84e4d3a46
├── [2.7K] Execute.sh
├── [ 89K] IMG.png
├── [ 34K] LICENSE
├── [1.2K] README.md
└── [4.6K] WORDPRESS_4.9.X_DOS.py
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。