CVE-2018-6389 PoC — WordPress 安全漏洞

Source

Associated Vulnerability

Description

load-scripts.php file, which purpose is to retrieve several JavaScript packages through one single request.

Readme

# Wordpress-DOS-Attack-CVE-2018-6389

[![Build Status](https://travis-ci.org/joemccann/dillinger.svg?branch=master)](https://www.cvedetails.com/cve/CVE-2018-6389)

Load-scripts.php file, which purpose is to retrieve several JavaScript packages through one single request.
```sh
$ chmod +x Execute.sh
$ ./Execute.sh
```

# How it Works!
- The problem lies upon the load-scripts.php file, which purpose is to retrieve several Javascript packages through one single request, such as bootstrap, jquery, and jqueryUI, among others.

- It is possible to create a special request to retrieve a huge quantity of different Javascripts, resulting in a high CPU resource and high bandwidth usage.

- Using a simple tool, it is possible to send hundreds of requests per second, which can easily increase RAM and CPU usage to the limit, resulting in a web server failure that would prevent users from accessing the attacked website or any other websites hosted on the same server.

<p align="center">
  <img src="IMG.png" width="350" alt="accessibility text">
</p>


-------------------------------------------------------------------------------------------------------------------------------------------

File Snapshot

 [4.0K]  /data/pocs/8c14316edc2f952088509a882efa90e84e4d3a46
├── [2.7K]  Execute.sh
├── [ 89K]  IMG.png
├── [ 34K]  LICENSE
├── [1.2K]  README.md
└── [4.6K]  WORDPRESS_4.9.X_DOS.py

0 directories, 5 files

Remarks