lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Mar 2006 16:24:13 -0800 From: Don Voita <don@...ucsb.edu> To: bugtraq@...urityfocus.com Subject: Re: HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit If you have the register user functionality disabled, like I do, you can rename wp-register.php to something else. This workaround prevented the DoS for me, and will hold you over until the developers have a chance to address this. Don h4cky0u.org@...il.com wrote: > ------------------------------------------------------ > HYSA-2006-005 h4cky0u.org Advisory 014 > ------------------------------------------------------ > Date - Wed March 08 2006 > > > TITLE: > ====== > > WordPress 2.0.1 Remote DoS Exploit > > > SEVERITY: > ========= > > Medium > > > SOFTWARE: > ========= > > Wordpress 2.0.1 and prior > > > INFO: > ===== > > WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and > > usability. What a mouthful. WordPress is both free and priceless at the same time. > > Support Website : http://wordpress.org/ > > > FIX: > ==== > > No fix available as of date. > > > GOOGLEDORK: > =========== > > "Powered by WordPress" > > > CREDITS: > ======== > > - Exploit coded by matrix_killer of h4cky0u Security Forums > > Mail : matrix_k at abv dot bg > > Web : http://www.h4cky0u.org > > > - Co Researcher - > > h4cky0u of h4cky0u Security Forums. > > Mail : h4cky0u at gmail dot com > > Web : http://www.h4cky0u.org > > > ORIGINAL ADVISORY: > ================== > > http://www.h4cky0u.org/advisories/HYSA-2006-005-wordpress.txt > > >
Powered by blists - more mailing lists