Message-ID: <CALx_OUCtsWAHdm3bA5CVTjyfeNqma_Cx=tCxWFjMOZwXT8RRRw@mail.gmail.com>
Date: Thu, 27 Jun 2013 23:19:28 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Denial of Service in WordPress

> Attack exactly overload web sites presented in endless loop of redirects. As
> I showed in all cases of Looped DoS vulnerabilities in web sites and web
> applications, which I wrote about during 2008 (when I created this type of
> attacks) - 2013.

You do realize that any browser can be made to issue a *lot* of
requests to any other destination on the web - say, by instantiating a
bunch of images, leveraging CORS, navigating iframes, etc?

Browsers detect redirect loops to prevent accidental mishaps and
simplify troubleshooting, not to stop malicious attacks.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/