Date: Wed, 12 Feb 2014 17:43:42 +0100
From: Aris Adamantiadis <aris@...adc0de.be>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: DoS via tables corruption in WordPress

Mustlive is just a troll and has nothing to show. Thanks for wasting our
time.

On 12/02/14 15:51, Harry Metcalfe wrote:
> Hi MustLive,
>
> Just to make things a bit easier, would you mind replying with links
> for the perishablepress.com article, the 2009 advisory and the 2012
> article?
>
> Many thanks!
>
> Harry
>
>
> On 12/02/2014 14:44, MustLive wrote:
>> Hello Aris!
>>
>> First of all, I wrote all required information in my post in May 2009 at
>> perishablepress.com. And I answered on all questions (including lame ones
>> and scepsis) concerning attack on WordPress, which I proposed to owner of
>> that site as explanation why his site was hacked that time (via engine
>> reinstall). And since I developed conception of this attack yet in 2007
>> (for IPB, because I have forum on this engine) and made advisories for
>> WordPress and IPB concerning possibility of attacks via table corruption,
>> so in 2012 I made detailed article "Attack via tables corruption in MySQL"
>> (http://websecurity.com.ua/articles/attack-via-tables-corruption-in-mysql/),
>> which I published at my site and in WASC mailing list.
>>
>> So all aspects of attacks were described and all questions were answered
>> by me many years ago. Those who didn't read that information should read
>> it, those who have questions should read my 2009's advisory and 2012's
>> article - AND THEY WILL HAVE NO QUESTIONS. And for those who have scepsis
>> about database corruption attacks - that it's not possible to make
>> reliable attack with 100% chance to conduct attack on real web site - for
>> those I made exploit and video of its use on web site in Internet. So
>> unbelievers should watch video and believe.
>>
>>> I have yet to determine if that was an accident or an attack.
>>
>> I'm sure that your case is an accident, not an attack. Since everyone
>> after I proposed this attack from 2009 and till now didn't believe in
>> possibility of this attack and considered it as "conceptual". I.e. that
>> was "luck" for attackers to hack perishablepress.com with using of tables
>> corruption that particular day and it'll not happen again for nobody as
>> skeptics thought. My video should change their mind.
>>
>> First of all it's hard attack and I didn't release my exploit (and will
>> not release it in near future) and not aware about anyone's exploit in the
>> public for 5 years after my 2009's advisory. So you have exact combination
>> of hardware and software (MySQL and WordPress) that makes your site
>> vulnerable to this attack. Most of web sites on WordPress can sleep tight
>> until some day an attacker will test their site on "crashability" and make
>> them vulnerable to this attack.
>>
>> For all nuances of attacking on tables in MySQL read my article to
>> understand your case and create scenario of possible attack on your site
>> to trigger table crash, which leads to DoS. Concerning your case I'll
>> write more information to you privately. It's needed to you to find out
>> the exact way of crashing tables at site to prevent "accident" turn into
>> "attack".
>>
>> Note, that WP developers later in 2009, after reading that my publication
>> and thinking for 7 months, made a fix for this DoS in WP 2.9. But they
>> made not automated tables repair, but manual, so it can't be considered as
>> a fix, since tables can be crashed and site will be DoSed - until admin
>> will find it and manually repair the tables. So WP developers made lame
>> fix for this DoS attack, as I wrote in my 2012 advisory and WP is still
>> vulnerable (and also I described DoS vulnerability in protection
>> functionality against this DoS attack).
>>
>>> If Mustlive has any real and concrete information (URL, exploit code),
>>> please share with us.
>>
>> All real and concrete information is in my 2009's advisory and 2012's
>> article. With addition of my 2014's video (I was planning to make it in
>> 2012, but found time only this month). So reading and watching of them
>> will help. For now I'll not release any exploits (don't need to create a
>> risk not for that lame site in my video, nor for all other WordPress
>> sites, since WP developers haven't fixed hole properly), but I'll do it in
>> the future.
>>
>> Best wishes & regards,
>> MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>>
>> ----- Original Message -----
>> From: "Aris Adamantiadis" <aris@...adc0de.be>
>> To: "Andrew Nacin" <nacin@...dpress.org>; "MustLive" <mustlive@...security.com.ua>
>> Cc: <full-disclosure@...ts.grok.org.uk>
>> Sent: Tuesday, February 11, 2014 3:46 PM
>> Subject: Re: [Full-disclosure] DoS via tables corruption in WordPress
>>
>>
>>
>> On 11/02/14 09:34, Andrew Nacin wrote:
>>> Aris mentions he experienced corruption in his own WordPress setup. It's
>>> most likely the options table simply crashed, not as a result of any
>>> particular exploit. This is, after all, why MySQL has a REPAIR command
>>> (and why we have a script for users to use).
>>>
>> This happened again last night. The mysql corruption was caused by an
>> OOM random kill (thanks linux) that chose mysql daemon as a victim. The
>> cause of the OOM was either wordpress or piwik, probably made possible
>> through apache misconfiguration (too many children). I have yet to
>> determine if that was an accident or an attack.
>>
>> If Mustlive has any real and concrete information (URL, exploit code),
>> please share with us.
>>
>> Aris
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
