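Related vulnerability
Title: WordPress security vulnerability (CVE-2018-6389)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports hosting personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPress 4.9.2 and earlier. An attacker can exploit it to cause a denial of service (resource consumption) by crafting requests that use a large list of registered .js files so that the files are loaded many times.
Description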
Improved DOS exploit for wordpress websites (CVE-2018-6389)
Introduction
# Shiva
First of all, put Shiva on watch. I will be upgrading it to a full stress testing suite over time.
Shiva is designed to perform a Denial of Service (DoS) attack on WordPress sites by loading all jQuery scripts at once through load-scripts.php. So basically it's an exploit for [CVE-2018-6389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389).
### Awesomeness
- Shiva uses multithreading to bring down websites as soon as possible.
- You don't need to worry about your IP being exposed because Shiva uses [Proxify](https://github.com/UltimateHackers/proxify) to route all requests through random proxies which keep getting rotated automatically.
### Dependencies & Compatibility
Shiva is compatible with both Python 2 and Python 3.<br>
Dependencies:
- requests
- proxify
### Usage
You can attack a target with Shiva as follows:
```
python shiva.py -u target.com -t 50
```
Where target.com is the target website and 50 is the number of threads.<br>
You must keep in mind that Shiva is only effective against WordPress sites, so make sure your target runs on WordPress.<br>
The number of threads should be selected according to the network speed.
<img src='https://i.imgur.com/dWDfGnr.png' />
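
Added example, not part of Shiva or of the original page: a defender-side access-log check for the request pattern the vulnerability description and the README describe. It counts the script handles in the `load` / `load[]` query parameters of `/wp-admin/load-scripts.php` requests (parameter names as used by WordPress's script loader, not stated on this page) and reports oversized requests in total as well as per client, because the README says requests are spread across rotating proxies. The threshold, addresses and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumed tuning value, not from the page: tune it against your own admin traffic.
MAX_HANDLES = 50

# Common/combined log format prefix: client, identity, user, [time], "METHOD target PROTO"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def count_handles(target):
    """Number of script handles a load-scripts.php request asks for; None for other URLs."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/load-scripts.php"):
        return None
    total = 0
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes, so load%5B%5D=... arrives here as "load[]".
        if key == "load" or key.startswith("load["):
            total += sum(1 for handle in value.split(",") if handle)
    return total

def summarize(lines, max_handles=MAX_HANDLES):
    """Count oversized load-scripts.php requests in total and per client address."""
    by_client = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        n = count_handles(m.group("target"))
        if n is not None and n > max_handles:
            by_client[m.group("ip")] += 1
    # With rotating proxies each address may appear only once, so alert on the total too.
    return {"oversized_total": sum(by_client.values()), "by_client": dict(by_client)}

# Constructed sample data: documentation-range addresses and placeholder handle names.
BIG = ",".join("handle%d" % i for i in range(180))
PREFIX = ' - - [05/Feb/2018:10:00:0%d +0000] "GET '
SAMPLE_LOG = [
    "192.0.2.10" + PREFIX % 1 + '/wp-admin/load-scripts.php?load%5B%5D=jquery-core,jquery-migrate,utils HTTP/1.1" 200 4096',
    "198.51.100.21" + PREFIX % 2 + "/wp-admin/load-scripts.php?load%5B%5D=" + BIG + ' HTTP/1.1" 200 3900000',
    "203.0.113.7" + PREFIX % 2 + "/wp-admin/load-scripts.php?load%5B%5D=" + BIG + ' HTTP/1.1" 200 3900000',
    "203.0.113.99" + PREFIX % 3 + "/wp-admin/load-scripts.php?load=" + BIG + ' HTTP/1.1" 200 3900000',
    "192.0.2.10" + PREFIX % 4 + '/index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```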
File snapshot
[4.0K] /data/pocs/a0fc5d3e37559ba5719d5e42e90c8027eaea77bf
├── [1.2K] README.md
└── [7.1K] shiva.py
0 directories, 2 files