Date: Mon, 10 Feb 2014 15:02:51 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DoS via tables corruption in WordPress

Hello participants of Mailing List.

There is DoS vulnerability in WordPress, about which I wrote in 2009 
(http://websecurity.com.ua/3152/, on English 
http://perishablepress.com/important-security-fix-for-wordpress/comment-page-5/#comment-71666), 
which allows to conduct DoS attack or reinstall of the engine (depending on 
corrupted table). And in 2012 (http://websecurity.com.ua/5774/, on English 
http://securityvulns.ru/docs27968.html) I wrote that developers hadn't fixed 
it, even they said so, and they made new DoS vulnerability.

In April 2012 I wrote my article "Attack via tables corruption in MySQL" 
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-May/008363.html) 
and in July made English version of the article 
(http://websecurity.com.ua/articles/attack-via-tables-corruption-in-mysql/). 
Where I described vulnerabilities in WordPress and IPB which are based on my 
conception of attack via tables corruption.

On Saturday I published a video with my WordPress DoS exploit 
(http://www.youtube.com/watch?v=kwv5ni_qxXs), which shows this DoS attack on 
one security site on WordPress. Vulnerable are all versions of WordPress. 
This video is a proof of this vulnerability in WP and of the attack 
described in the article.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists